1. ALLOWED_HOSTS
2. SECURE_HSTS_SECONDS=3600
3. SECURE_HSTS_INCLUDE_SUBDOMAINS=True
4. SECURE_CONTENT_TYPE_NOSNIFF=True
5. SECURE_BROWSER_XSS_FILTER=True
6. SECURE_SSL_REDIRECT=True
7. SESSION_COOKIE_SECURE=True
8. CSRF_COOKIE_SECURE=True
9. X_FRAME_OPTIONS='DENY'
10. SECURE_HSTS_PRELOAD=True