2 comments

[ 3.3 ms ] story [ 8.9 ms ] thread
We were looking to enable HSTS for our Webflow landing page and were surprised that this feature was gated behind the enterprise plan paywall.

As it stands, Webflow customers cannot enable CSP, or HSTS on their pages without upgrading to the enterprise plan which does not even have published pricing: https://webflow.com/pricing

On the same page they explicitly state they do not provide support for security headers so this is not a support cost consideration and appears to be another tax on security.

The typical SaaS model. So ridiculous. SSO is behind that too