We were looking to enable HSTS for our Webflow landing page and were surprised that this feature was gated behind the enterprise plan paywall.
As it stands, Webflow customers cannot enable CSP, or HSTS on their pages without upgrading to the enterprise plan which does not even have published pricing: https://webflow.com/pricing
On the same page they explicitly state they do not provide support for security headers so this is not a support cost consideration and appears to be another tax on security.
