diff --git a/django_app/django_app/settings.py b/django_app/django_app/settings.py
index adc159c..f87c12b 100644
--- a/django_app/django_app/settings.py
+++ b/django_app/django_app/settings.py
@@ -134,3 +134,13 @@ STATICFILES_DIRS = [
     BASE_DIR / 'project_static'
 ]
+
+# CSRF setup
+
+if not DEBUG:
+    CSRF_TRUSTED_ORIGINS = [f'https://{x}' for x in ALLOWED_HOSTS]
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+# These are for https only:
+# CSRF_COOKIE_SECURE = True
+# SESSION_COOKIE_SECURE = True
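Review bot: The two commented-out cookie settings at the end of the hunk should be enabled inside the same `if not DEBUG:` block, since that block already assumes production is served over HTTPS (every trusted origin is built with `https://`); leaving them off lets the session and CSRF cookies be sent over plain HTTP in production. Concretely, add `    CSRF_COOKIE_SECURE = True` and `    SESSION_COOKIE_SECURE = True` under `SECURE_PROXY_SSL_HEADER` and drop the commented lines. `SECURE_PROXY_SSL_HEADER` also deserves a why-comment, because trusting `X-Forwarded-Proto` is only correct when the reverse proxy sets or overwrites that header on every request; something like `# Only valid behind a proxy that always sets X-Forwarded-Proto itself; otherwise a client can mark a plain-HTTP request as secure.` Finally, deriving `CSRF_TRUSTED_ORIGINS` from `ALLOWED_HOSTS` (defined outside the hunk) presumably breaks if that list contains `'*'` or a leading-dot pattern such as `'.example.com'`, since Django expects trusted-origin wildcards in the `https://*.example.com` form — worth confirming against the actual `ALLOWED_HOSTS` value.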