{"id":4580,"date":"2024-04-14T23:48:23","date_gmt":"2024-04-14T15:48:23","guid":{"rendered":"https:\/\/webflow.tenten.co\/?p=4580"},"modified":"2024-04-14T23:48:23","modified_gmt":"2024-04-14T15:48:23","slug":"personalized-security-headers","status":"publish","type":"post","link":"https:\/\/webflow.tenten.co\/en\/personalized-security-headers\/","title":{"rendered":"Personalized Security Headers"},"content":{"rendered":"\n<div class=\"docs_rich-text w-richtext\">\n<h6 id=\"\"><strong id=\"\">Reminder:<\/strong> Personalized security headers are available only to Webflow Enterprise clients. They are part of Enterprise site packages.<\/h6>\n<p id=\"\">Personalized security headers add an additional layer of security to any of your publicly accessible websites and can block actions like cross-site scripting attacks, iframe embedding, and other domain-level security concerns.<\/p>\n<p id=\"\">In this module, you will learn:<\/p>\n<ol id=\"\">\n<li id=\"\">Details about Webflow-approved headers<\/li>\n<li id=\"\">Instructions on enabling and adding a personalized security header<\/li>\n<li id=\"\">Instructions on deleting a personalized security header<\/li>\n<li id=\"\">Steps to activate HSTS response header<\/li>\n<\/ol>\n<h2 id=\"\">Details about Webflow-approved headers<\/h2>\n<p id=\"\">Webflow currently supports the following headers:<\/p>\n<ul id=\"\">\n<li id=\"\">x-xss-protection<\/li>\n<li id=\"\">x-content-type-options<\/li>\n<li id=\"\">x-frame-options<\/li>\n<li id=\"\">referrer-policy<\/li>\n<li id=\"\">x-permitted-cross-domain-policies<\/li>\n<li id=\"\">timing-allow-origin<\/li>\n<li id=\"\">content-security-policy<\/li>\n<li id=\"\">feature-policy<\/li>\n<li id=\"\">expect-ct<\/li>\n<li id=\"\">strict-transport-security (enabled in Advanced publishing options)<\/li>\n<\/ul>\n<p id=\"\">For detailed information regarding each of these headers, their structure, and browser compatibility, visit the <a 
href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers#security\" target=\"_blank\" id=\"\" rel=\"noopener\">MDN web docs<\/a>.<\/p>\n<h6 id=\"\"><strong id=\"\">Reminder:<\/strong> Webflow does not currently support the <strong id=\"\">permissions-policy<\/strong> header. We recommend using the <strong id=\"\">feature-policy<\/strong> header instead.<\/h6>\n<h2 id=\"\">Instructions on enabling and adding a personalized security header<\/h2>\n<p id=\"\">To <strong id=\"\">activate<\/strong> personalized security headers on a site, please get in touch with <a href=\"https:\/\/webflow.com\/enterprise\" id=\"\">our Sales team<\/a>. They will grant access to the feature on a per-site basis, enabling you to add or modify the personalized security headers on each site as required.<\/p>\n<p id=\"\">To add a personalized security header (after enabling the feature on your site):<\/p>\n<ol id=\"\">\n<li id=\"\">Access <strong id=\"\">Site settings<\/strong> &gt; <strong id=\"\">Publishing <\/strong>tab and navigate to <strong id=\"\">Custom Headers<\/strong><\/li>\n<li id=\"\">Switch <strong id=\"\">Enable Custom Site Headers<\/strong> to \u201c<strong id=\"\">Yes<\/strong>\u201d<\/li>\n<li id=\"\">Select a header from the <strong id=\"\">Header <\/strong>dropdown<\/li>\n<li id=\"\">Insert a value into the <strong id=\"\">Value<\/strong> field<\/li>\n<li id=\"\">Click <strong id=\"\">Add header<\/strong><\/li>\n<\/ol>\n<p id=\"\">Please keep in mind that the personalized security header will not take effect until you re-publish your site. 
To publish your site, scroll to the top of <strong id=\"\">Site settings<\/strong> and click <strong id=\"\">Publish<\/strong>.<\/p>\n<h6 id=\"\"><strong id=\"\">Reminder:<\/strong> Existing headers cannot be edited (the existing header must be removed before a new value can be added).<\/h6>\n<h2 id=\"\">Instructions on deleting a personalized security header<\/h2>\n<p id=\"\">To delete a personalized security header from your site:<\/p>\n<ol id=\"\">\n<li id=\"\">Navigate to <strong id=\"\">Site settings<\/strong> &gt; <strong id=\"\">Publishing <\/strong>tab and scroll to <strong id=\"\">Custom Headers<\/strong><\/li>\n<li id=\"\">Click the \u201c<strong id=\"\">trash<\/strong>\u201d icon next to the header you wish to remove<\/li>\n<\/ol>\n<h2 id=\"\">Steps to activate HSTS response header<\/h2>\n<p id=\"\">The <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Strict-Transport-Security\" target=\"_blank\" id=\"\" rel=\"noopener\">HTTP strict-transport-security (HSTS) response header<\/a> is also available. To enable strict-transport-security, navigate to <strong id=\"\">Site settings<\/strong> &gt; <strong id=\"\">Publishing<\/strong> tab &gt; <strong id=\"\">Advanced publishing options<\/strong>.<\/p>\n<p id=\"\">There are 3 HSTS options available, which can be toggled \u201c<strong id=\"\">on<\/strong>\u201d or \u201c<strong id=\"\">off<\/strong>\u201d:<\/p>\n<ul id=\"\">\n<li id=\"\"><strong id=\"\">Enable HSTS<\/strong> \u2013 HSTS will only function on a site with a custom domain<\/li>\n<li id=\"\"><strong id=\"\">Enable HSTS with subdomains<\/strong> \u2013 HSTS can be activated on subdomains only if the root site also has HSTS turned on<\/li>\n<li id=\"\"><strong id=\"\">Enable HSTS Preload Header<\/strong> \u2013 HSTS Preload instructs browsers to add your site to the preload list. 
Warning: this may render your site unreachable if any subdomain uses HTTP, and if \u201cEnable HSTS with subdomains\u201d is also enabled.<\/li>\n<\/ul>\n<h6 id=\"\"><strong id=\"\">Reminder:<\/strong> If you encounter missing images or assets while viewing the live, published site, double-check the accuracy of the header value. Errors in the syntax of the <strong id=\"\">Value<\/strong> field can create problems on the published site.<\/h6>\n<blockquote id=\"\"><p><strong id=\"\">Essential:<\/strong> Due to security and liability concerns, our support and success teams cannot provide direct assistance with setting up or resolving issues related to personalized security headers. If you encounter problems with personalized security headers, please inform us on the <a href=\"https:\/\/discourse.webflow.com\/c\/design-help\/custom-code\/22\" id=\"\">Webflow Forum<\/a>, where the entire Webflow community (including staff) can offer additional assistance and resources.<\/p><\/blockquote>\n<\/div>\n","protected":false},"excerpt":{"rendered":"Enable, add, and delete custom security headers and HSTS from a 
site.","protected":false},"author":2,"featured_media":5325,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"csco_display_header_overlay":false,"csco_singular_sidebar":"","csco_page_header_type":"","footnotes":""},"categories":[286],"tags":[],"class_list":{"0":"post-4580","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-site-settings","8":"cs-entry"},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/posts\/4580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/comments?post=4580"}],"version-history":[{"count":0,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/posts\/4580\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/media\/5297"}],"wp:attachment":[{"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/media?parent=4580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/categories?post=4580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/tags?post=4580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}