Streaming live at 10am (PST)

Setting various webflow host HTTP headers for security


#1

I am working with a client that is asking of we can set various security-related headers from our webflow hosted site:

content-security-policy, x-content-type-options, x-frame-options, x-xss-protection, strict-transport-security.

I can really see the value in being able to set some of these via an advanced options section in site settings to really help secure your site. For example as a simple one if I don't want someone embedding my site in an iframe, setting x-frame-options would be pretty nice. I can see that some of the others could get you into trouble but having a set of options for each that won't completely break my site would be nice :slight_smile:

Just to confirm, there is no way to set an option to control any of these, correct? I couldn't find anything.

In that case it sounds like a feature request but I wanted to toss this out there to get some general thoughts and comments, I'm no expert on website security.


#2

Correct, please feel free to request in the wishlist.


#3

This topic was automatically closed after 60 days. New replies are no longer allowed.