I am setting up a reverse proxy using Cloudflare Workers. When I do this, do I give up security liabilities that Webflow takes upon themselves? I am still technically hosting on Webflow, just have another layer for Cloudflare.
You’re adding another system on top of a system. The underlying system is still there. From a pure system engineering perspective, you can’t truly “add” security that way, but you can certainly weaken it.
That said, I use CF constantly, for every client. If you configure it correctly, full strict SSL, etc, require SSL switched on, etc you should be fine. The rest depends on what you’re doing exactly. Anything you’re building on top of user accounts, gated content, form data processing, user data capture like IP… these totally depend on how well you engineer them.
Well I am specifically looking to integrate HSTS Security to my Webflow sites through this setup, since custom security headers aren’t available for non Enterprise users.
Am I not right in thinking that this would certainly add security to my sites? ( If set up correctly )
Yes I setup HSTS for clients sometimes.
Effectively it just mandates that SSL is used by the browser when connecting to the site.
Are you able to do this within Webflow without setting up an Enterprise account?
I reverse proxy all of my clients sites.