As part of our ongoing security improvements, HSTS (HTTP Strict Transport Security) response headers are now available on all sites. Non-Enterprise customers will have this enabled automatically. Webflow Enterprise customers can continue to enable/disable HSTS response headers as needed.

HSTS is a powerful security feature that ensures browsers only interact with your site using secure HTTPS connections. Without HSTS, sites are more vulnerable to attacks, data interception, and tampering. Overall, lack of HSTS increases risk of various security breaches that can compromise user data and trust.

With HSTS now active on all sites, this means:

• Enhanced Security: Protect your site and users from various types of attacks, ensuring all data transmitted is safe and secure.‍
• Increased User Trust: Users can have greater confidence in your site’s robust security measures, knowing their data is well-protected.