diff --git a/blog/settings.py b/blog/settings.py
index 4e0218d..e5f71c0 100644
--- a/blog/settings.py
+++ b/blog/settings.py
@@ -53,6 +53,10 @@ HOSTS = os.getenv("HOSTS")
 if HOSTS:
     ALLOWED_HOSTS.extend(HOSTS.split(";"))
 
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+SESSION_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = not DEBUG
+
 
 # Application definition