Public-Key-Pins headers (HPKP)

icexuick · July 28, 2017, 9:42am

I could not find anything about Public Key Pins (HPKP).
Here’s an article on it and security companies advice:

Configure the webserver or website to always force this header. This can be done using the
following configuration directives:

Apache webserver:
Header always set Strict-Transport-Security “maxage=31536000; includeSubDomains” NginX webserver:
add_header Strict-Transport-Security “maxage=31536000; includeSubdomains” always;

Microsoft IIS
webserver: In the IIS manager choose “Add Custom HTTP Response Header” → Name: “Strict-Transport-Security” → Value: “max-age=31536000; includeSubdomains”

samliew · July 28, 2017, 12:39pm

Webflow hosting doesn’t support custom header values/settings.

Please search the wishlist for upcoming features, and if there isn’t one for your requested feature yet, you can create a wishlist request.

You can also subscribe to wishlist items to stay updated to announcements regarding the wishlist item.

system · September 27, 2017, 6:43am

This topic was automatically closed after 60 days. New replies are no longer allowed.