django-hstsmiddleware 1.0

Implement HSTS to force the use of HTTPS.

Forces the use of HTTPS using HTTP Strict Transport Security (HSTS).

Installation and Usage

Install the package, add django_hstsmiddleware to settings.INSTALLED_APPS, and add django_hstsmiddleware.middleware.HSTSMiddleware to the top of settings.MIDDLEWARE_CLASSES.

The following Django settings control its default behaviour:


Specifies the URI to redirect a User Agent to, if it tries to use a non-secure connection. Responds with HTTP Moved Permanently.

Defaults to None, so no redirect occurs. Instead, responds with HTTP Bad Request.


The maximum number of seconds that a User Agent will remember that this server must be contacted over HTTPS.

Defaults to 31536000, or approximately one year.


If true, tells a User Agent that all subdomains must also be contacted over HTTPS, in addition to the current domain.

Defaults to False






  • Development Status :: 5 - Production/Stable
  • Environment :: Web Environment
  • Framework :: Django
  • Operating System :: OS Independent
  • Programming Language :: Python
  • License :: OSI Approved :: BSD License
File Type Python Version Uploaded On Downloads
django-hstsmiddleware-1.0.tar.gz Source July 15, 2011 6,719
Version Release Date
1.0 July 15, 2011
Date Package Version Action
Aug. 26, 2015, 12:13 a.m. django-hstsmiddleware 1.0 Release Created
Aug. 26, 2015, 12:13 a.m. django-hstsmiddleware Package Created