Implement HSTS to force the use of HTTPS.
Forces the use of HTTPS using HTTP Strict Transport Security (HSTS).
Install the package, add django_hstsmiddleware to settings.INSTALLED_APPS, and add django_hstsmiddleware.middleware.HSTSMiddleware to the top of settings.MIDDLEWARE_CLASSES.
The following Django settings control its default behaviour:
Specifies the URI to redirect a User Agent to, if it tries to use a non-secure connection. Responds with HTTP Moved Permanently.
Defaults to None, so no redirect occurs. Instead, responds with HTTP Bad Request.
The maximum number of seconds that a User Agent will remember that this server must be contacted over HTTPS.
Defaults to 31536000, or approximately one year.
If true, tells a User Agent that all subdomains must also be contacted over HTTPS, in addition to the current domain.
Defaults to False