id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
17103	Add HTTP Strict Transport Security support, to improve support for all-SSL sites	Carl Meyer	nobody	"Since you pretty much shouldn't do anything with sessions or logins on a public site without SSL, I think a solid majority of public Django sites probably ought to be all-SSL. Given this, I think Django core should provide good support for all-SSL sites out of the box.

[http://en.wikipedia.org/wiki/Strict_Transport_Security HSTS (HTTP Strict Transport Security)] is an HTTP response header that allows a site to tell a browser to only ever access it over HTTPS. This avoids the need for redirect-to-SSL on repeat visits and reduces exposure to various types of attacks.

There is an existing implementation of HSTS in [http://pypi.python.org/pypi/django-secure django-secure]."	New feature	closed	HTTP handling	dev	Normal	fixed		zborboa@…	Accepted	0	0	0	0	0	0
