Implementation overview
per page JS and CSS
Minimize Use of Third-Party Scripts and Widgets
Defer Non-Critical JavaScript
Use Vanilla JavaScript or Lightweight Frameworks
Use secure frame headers
Enable HSTS for subdomains.
Enable HSTS preload header
Implement HTTPS by Setting Up an SSL Certificate
Use ARIA (Accessible Rich Internet Applications)
Ensure WCAG 2.1 Compliance for Accessibility
Make video accessible
Make simple and accessible animations.
Add Descriptive Alt Text for all important Images.
Ensure Sufficient Color Contrast for Text
Implement Keyboard Navigable Menus and Forms
Set your Robot.txt file
Set Up Proper 404 Error Pages with Useful Navigation
Implement Structured Data (Schema Markup)
Disable Webflow subdomain indexing
Use Global canonical URL
Optimize Fonts and Reduce Font Loading Times
Use a Content Delivery Network (CDN)
Minify CSS, JavaScript, and HTML
Implement Browser Caching and CDNs
Compress and render better images after uploading.
Optimize and Compress Images before uploading
Appropriate Sizing and Background Images
Set Image Above the Fold set to Eager.
Implement Lazy Loading for Images and Videos
Use Asynchronous Loading of CSS and JavaScript
Mobile testing focus
Implement Touch-Friendly Design Elements
Optimize Layouts for Screen Sizes and Orientations
Ensure Images Using srcset and sizes Attributes
Make Text Responsive with Fluid Typography
Mobile essential content
Ensure Breadcrumb Navigation for Better User Experience
Design a Logical and User-Friendly Navigation Menu
Create Intuitive URL Structures & Readable Slugs
Conduct a Heading Hierarchy
Use HTML5’s Semantic Tags For Better Architecture
Set a Clear Navigation and Structure Upfront

Webflow SSL Certificate: How to Enable HTTPS on Your Site

Medium impact
Super easy

HTTPS is not optional. It's a baseline expectation for every website and has been a Google ranking signal since 2014. Beyond SEO, HTTPS encrypts the data exchanged between your server and visitors — which matters whenever your site collects any information: contact forms, email signups, analytics.

The good news for Webflow sites: SSL is included with all Webflow hosting plans and configured automatically. When you connect a custom domain in Webflow, Webflow provisions an SSL certificate via Let's Encrypt and handles renewal. You don't need to buy, install, or manage a certificate.

What you do need to verify: in Webflow's hosting settings, ensure "HTTPS redirects" is enabled. This automatically redirects all HTTP traffic to HTTPS. Without it, both http:// and https:// versions of your site are technically accessible — two URLs serving the same content, which creates duplicate content signals for Google and leaves visitors who type HTTP unprotected.

Mixed content: even on an HTTPS site, you can have mixed content warnings if the page loads resources over HTTP. Common causes: a custom script added via Webflow's custom code section referencing an HTTP URL, an image URL hardcoded with HTTP in a Rich Text field, or an external embed using an HTTP iframe source. Mixed content causes browsers to block or warn about the resource.

How to check for mixed content: open your site in Chrome, right-click → Inspect → Console tab. Any mixed content warnings appear there with the offending URL. Fix by updating the resource URL to HTTPS. Most external services offer HTTPS versions of their embed codes — if they don't, replace the service.

Monthly check: open your site and confirm the padlock icon appears in the address bar. If it's missing or shows a warning, there's an HTTPS issue. Also confirm that both https://yourdomain.com and https://www.yourdomain.com resolve correctly — one should redirect to the other, not both serve content independently.

For Webflow sites, HTTPS is largely automated. The monthly check catches edge cases: custom code that breaks it, resources added from insecure sources, or domain configuration changes that affect redirect behavior.

How to do it on Webflow?

SSL Certificate is enabled by default Webflow-hosted websites, meaning they are easy to do. 

More information

https://university.webflow.com/lesson/ssl-hosting?topics=hosting-code-export#how-to-enable-ssl-hosting

Tools
Don't have the Checklist yet?
Download the Checklist