Complete the code to enable HTTPS redirect in Django settings.
SECURE_SSL_REDIRECT = [1]
Setting SECURE_SSL_REDIRECT to True forces Django to redirect all HTTP requests to HTTPS.
Complete the code to set the secure flag on cookies in Django settings.
SESSION_COOKIE_SECURE = [1]
Setting SESSION_COOKIE_SECURE to True ensures the session cookie is only sent over HTTPS.
Fix the error in the code to set the HTTPOnly flag on cookies.
CSRF_COOKIE_HTTPONLY = [1]
The CSRF_COOKIE_HTTPONLY setting should be a boolean. Setting it to False, which is the default, disables HTTPOnly.
Fill both blanks to set the HSTS header with a max age of 1 year and include subdomains.
SECURE_HSTS_SECONDS = [1]
SECURE_HSTS_INCLUDE_SUBDOMAINS = [2]
SECURE_HSTS_SECONDS sets the max age for HSTS in seconds (1 year = 31536000 seconds). SECURE_HSTS_INCLUDE_SUBDOMAINS set to True applies HSTS to all subdomains.
Fill all three blanks to configure secure cookies with HTTPOnly and set the secure proxy SSL header.
SESSION_COOKIE_SECURE = [1]
CSRF_COOKIE_HTTPONLY = [2]
SECURE_PROXY_SSL_HEADER = ([3], 'https')
Set SESSION_COOKIE_SECURE to True to send the session cookie only over HTTPS. CSRF_COOKIE_HTTPONLY is set to False to allow JavaScript access if needed. SECURE_PROXY_SSL_HEADER uses 'HTTP_X_FORWARDED_PROTO' to detect HTTPS behind a proxy.