security – How to configure HSTS in Django


I need to configure HSTS in one of my Django apps. I have read the Django docs and came to the point that if I set
SECURE_HSTS_SECONDS = 3600
SECURE_HSTS_INCLUDE_SUBDOMAINS = True

it will set the HSTS header on all request headers, which it didn't.
Additionally, I got another key/value:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
which I need to set if my app is behind a proxy.

I expect that on all of my Django API request headers I see that HSTS header.


