Your website is vulnerable to a number of common hacker attacks because
MIDDLEWARE setting is missing
Django's SecurityMiddleware performs a suite of security checks and enhancements. By not including this middleware the following security features are not enabled:
1; mode=block to enable the browser's built-in XSS protection. This feature is present on Internet Explorer, Chrome and Safari.
SECURE_SSL_REDIRECT is set to
If we spot this issue in your GitHub pull request we give this advice:
Django Doctor will run this check by default. No configuration is needed, but the check can be turned on or off using the check code
missing-security-middleware in your pyproject.toml file.
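
The sketch below is an added example, not Django Doctor's own code. It statically reads a settings file and reports both the missing middleware and the SECURE_* settings that are silently ignored as a result. The names read_settings and audit, the sample settings and the ssl-redirect-off code are assumptions made for illustration. The list of dependent settings is the one Django's own deployment check names for a missing SecurityMiddleware.

```python
import ast

SECURITY_MW = "django.middleware.security.SecurityMiddleware"
# Settings that only take effect when SecurityMiddleware is installed.
MW_SETTINGS = {"SECURE_SSL_REDIRECT", "SECURE_HSTS_SECONDS",
               "SECURE_CONTENT_TYPE_NOSNIFF", "SECURE_REFERRER_POLICY",
               "SECURE_CROSS_ORIGIN_OPENER_POLICY"}
UNKNOWN = object()  # value is computed at runtime, so it cannot be judged statically


def read_settings(source):
    """Map each top-level NAME = <value> assignment to its literal value or UNKNOWN."""
    found = {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        try:
            value = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            value = UNKNOWN
        for target in node.targets:
            if isinstance(target, ast.Name):
                found[target.id] = value
    return found


def audit(source):
    """Return (findings, inert): check codes raised and SECURE_* settings with no effect."""
    found = read_settings(source)
    middleware = found.get("MIDDLEWARE", [])
    if middleware is UNKNOWN:
        return [], []  # list is built dynamically; a static check cannot decide
    if SECURITY_MW not in middleware:
        # Without the middleware, these configured settings are silently ignored.
        return ["missing-security-middleware"], sorted(MW_SETTINGS.intersection(found))
    findings = []
    if found.get("SECURE_SSL_REDIRECT", False) is False:  # Django's default is False
        findings.append("ssl-redirect-off")  # hypothetical code, not a Django Doctor check
    return findings, []


# Constructed sample: HTTPS redirect and HSTS are configured but the middleware is absent.
SAMPLE = '''
MIDDLEWARE = [
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
]
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 31536000
'''
```

Only plain top-level assignments are read, so a MIDDLEWARE list extended with += or built in another module is not seen by this sketch.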