Learn how to improve your site’s security and performance.
You can utilize advanced publishing options to help your site load faster and protect your site from several kinds of clickjacking attacks.
You can find advanced publishing options in the publishing dropdown when designing or building in Webflow, or under Site settings > Publishing > Advanced publishing options.
Enable SSL
SSL is enabled by default for sites created after November 14, 2018 to protect against security threats and potential data breaches. SSL prevents malicious actors from intercepting sensitive information (e.g., passwords, payment information, personal data, etc.) transmitted on your site. Browsers discourage people from visiting sites that don’t use SSL by marking such sites as “not secure.”
As of April 9, 2025, we’re beginning to migrate our DNS records and eventually will remove the option to toggle Enable SSL off. You cannot disable SSL on sites that use our new DNS records (i.e., the A record 198.202.211.1 and the CNAME record cdn.webflow.com). For security, you also cannot disable SSL on sites with Ecommerce or User Accounts enabled.
While it is still technically possible to disable SSL on some sites, we strongly recommend against this.
Minify HTML, CSS, JS
You can minify HTML, CSS, and/or JS separately. Minifying your site’s code can help your live website load faster, but can also make your code a little harder to read. Minifying the HTML can also fix spacing issues with inline-block elements.
Good to know
You can minify HTML, CSS, and JS independently of each other.
Asynchronously load JavaScript
When Asynchronously load JavaScript is toggled off (default), the browser loads JavaScript files synchronously (i.e., one at a time and in a specific order) before rendering page content (HTML and CSS). This can slow down how quickly content becomes visible and interactive, especially if scripts are large or complex.
When Asynchronously load JavaScript is toggled on, the browser loads JavaScript files in parallel and at the same time as rendering page content. This allows visible content to load and become interactive more quickly, which can improve perceived load time and performance metrics. However, custom JavaScript that you’ve added to your site may not run as expected if it relies on JavaScript files being loaded synchronously.
Please note that you’ll need to click Save and publish your site after toggling on Asynchronously load JavaScript for the change to take effect on your live site.
Important
If your site uses custom JavaScript, toggling on Asynchronously load JavaScript may prevent it from running as expected. This happens when your custom JavaScript relies on Webflow JavaScript that hasn’t been fully loaded by the browser. Depending on your specific custom code, there are two main ways to delay its execution and ensure it works when asynchronously loading JavaScript:
- External JavaScript — add the defer attribute to <script> tags with a src attribute to delay execution until the HTML is fully parsed.
- Inline JavaScript — wrap inline JavaScript in a window load event handler to ensure execution only happens after all resources are loaded.
Learn more about asynchronously loading per page JavaScript.
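The window load approach for inline JavaScript, as an added example that is not Webflow's own code. The helper name `runAfterLoad` and the fake window used to exercise it are assumptions made for illustration; on a real page you would call `runAfterLoad(window, yourFunction)`.

```javascript
// Added example: run custom code only after the window "load" event.
// `win` is a parameter so the helper can be exercised outside a browser.
function runAfterLoad(win, callback) {
  // If this code is injected late, "load" may already have fired and a new
  // listener would never be called, so check readyState first.
  if (win.document.readyState === 'complete') {
    callback();
    return;
  }
  win.addEventListener('load', () => callback(), { once: true });
}

// Constructed stand-in for a browser window, for demonstration only.
function makeFakeWindow(readyState) {
  const listeners = [];
  return {
    document: { readyState },
    addEventListener(type, fn) {
      if (type === 'load') listeners.push(fn);
    },
    fireLoad() {
      this.document.readyState = 'complete';
      listeners.splice(0).forEach((fn) => fn());
    },
  };
}

// Shows the order of execution in both situations.
function demo() {
  const log = [];

  const loading = makeFakeWindow('loading');
  runAfterLoad(loading, () => log.push('custom code (page was loading)'));
  log.push('library scripts finished');
  loading.fireLoad();

  const done = makeFakeWindow('complete');
  runAfterLoad(done, () => log.push('custom code (page already loaded)'));

  return log;
}
```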
Note
Webflow Support is unable to provide assistance with custom code. If your custom JavaScript (JS) doesn’t work after enabling asynchronous JS loading and publishing your site, we recommend disabling the feature and republishing your site while you work with a developer or reach out in the Webflow forum for support.
Per page CSS
When Per page CSS is toggled off (default), Webflow generates a single, site-wide CSS file that includes all styles across your site. If your site has a lot of styles, this can increase page load time.
When you toggle Per page CSS on, Webflow generates two smaller CSS files for each page on your site:
- A shared CSS file with global styles (e.g., fonts and HTML tag styling)
- A page-specific CSS file with styles used only on that individual page
By excluding styles that aren’t used on a page, per page CSS reduces the amount of CSS code the browser needs to load, which can improve page load time and overall site performance.
You’ll need to click Save and publish your site after enabling per page CSS for the change to take effect on your live site.
Important
If your site uses custom CSS code or a shared Library, enabling per page CSS may cause styling issues and prevent Library elements from displaying as expected. We recommend testing custom CSS after enabling per page CSS and disabling it on shared Library consumer sites.
Use secure frame headers
Using secure frame headers protects your site from several kinds of clickjacking attacks by restricting where your site can be embedded. Enabling this option will add a couple of headers to your published pages to prevent the pages from being embedded in iframes.
For security, you cannot disable secure frame headers on sites with Ecommerce or User Accounts enabled.
Note
It isn’t possible to embed Webflow staging subdomains (e.g., yoursite.webflow.io) in iframes, due to Webflow staging domain security. However, if you add a custom domain or subdomain to your site, you can embed your site in iframes as long as Use secure frame headers is set to off.
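To confirm the setting took effect on a published page, the following added example (not Webflow's code) classifies a response's anti-framing headers. It assumes the headers in question are the standard X-Frame-Options and Content-Security-Policy frame-ancestors, which this page does not name; the header sets at the bottom are constructed samples.

```javascript
// Added example: decide who may frame a page, given its response headers.
function parseFrameAncestors(csp) {
  // A CSP value is a ';'-separated list of "name source source ..." directives.
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null; // directive not present
}

function framingPolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Where frame-ancestors is present, browsers enforce it and ignore
  // X-Frame-Options.
  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    if (ancestors.length === 0) return 'deny';
    if (ancestors.length === 1 && ancestors[0] === "'none'") return 'deny';
    if (ancestors.includes('*')) return 'unrestricted';
    if (ancestors.every((s) => s === "'self'")) return 'same-origin';
    return 'allowlist';
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Missing, unrecognised, or the obsolete ALLOW-FROM form that current
  // browsers ignore: the page can be framed by anyone.
  return 'unrestricted';
}

// Constructed sample header sets (not captured from a real site).
const SAMPLES = {
  bothHeaders: { 'X-Frame-Options': 'SAMEORIGIN',
                 'Content-Security-Policy': "frame-ancestors 'self'" },
  noHeaders: { 'Content-Type': 'text/html' },
  cspOverridesXfo: { 'x-frame-options': 'DENY',
                     'content-security-policy':
                       "default-src 'self'; frame-ancestors https://partner.example" },
  obsoleteAllowFrom: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
};
```

Pass it the response headers of a published page, for example as copied from the browser's network panel; anything other than `deny` or `same-origin` means third-party sites can still embed the page.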