Django deployment checklist

Django tip:

Check your production file for security vulnerabilities with the check command:

$ ./ check --deploy


$ ./ check --deploy
System check identified some issues:

have not set CSRF COOKIE SECURE to True. Using a secure-only CSRF cookie
makes it more difficult for network traffic sniffers to steal the CSRF token.
? (security.W018) You should not have DEBUG set to True in deployment.
? (security.W022) You have not set the SECURE_REFERRER_POLICY setting.
Without this, your site will not send a Referrer-Policy header.
You should consider enabling this header to protect user privacy.