Streaming live at 10am (PST)

Public-Key-Pins headers (HPKP)


I could not find anything about Public Key Pins (HPKP).
Here’s an article on it and security companies advice:

Configure the webserver or website to always force this header. This can be done using the
following configuration directives:

Apache webserver:
Header always set Strict-Transport-Security “maxage=31536000; includeSubDomains” NginX webserver:
add_header Strict-Transport-Security “maxage=31536000; includeSubdomains” always;

Microsoft IIS
webserver: In the IIS manager choose “Add Custom HTTP Response Header” -> Name: “Strict-Transport-Security” -> Value: “max-age=31536000; includeSubdomains”


Webflow hosting doesn’t support custom header values/settings.

Please search the wishlist for upcoming features, and if there isn’t one for your requested feature yet, you can create a wishlist request.

You can also subscribe to wishlist items to stay updated to announcements regarding the wishlist item.

closed #3

This topic was automatically closed after 60 days. New replies are no longer allowed.