From 8ae3df8105153ce5e3c7dc05b2a3dcdd99b68b7b Mon Sep 17 00:00:00 2001
From: PCoder
Date: Tue, 11 Feb 2020 09:46:15 +0530
Subject: [PATCH] Reformatting
---
 notes.md | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/notes.md b/notes.md
index 576193a..f10e794 100644
--- a/notes.md
+++ b/notes.md
@@ -32,22 +32,34 @@ WARNINGS:
 ## Other security configurations for Django
-# What are the various security parameters ? https://django-secure.readthedocs.io/en/latest/settings.html
+What are the various security parameters ? https://django-secure.readthedocs.io/en/latest/settings.html
+
+1. XSS
+
+```
 # For Xss filter See https://scotthelme.co.uk/x-xss-protection-1-mode-block-demo/
 SECURE_BROWSER_XSS_FILTER = True
+```
+```
 # See https://docs.djangoproject.com/en/dev/ref/middleware/#x-content-type-options-nosniff
 SECURE_CONTENT_TYPE_NOSNIFF = True
+```
+2. HSTS settings
+
+```
 # Make the production server to respond to https always or set the strict https settings iff for a single domain
 SECURE_HSTS_INCLUDE_SUBDOMAINS=True
 # 30 seconds or above based on whether increasing this value breaks something
 SECURE_HSTS_SECONDS=30 seconds and above based on tests
 SECURE_HSTS_PRELOAD = True
-
+```
+3. Force/exempt ssl urls
+```
 # set to any regex of urls that need to be served over plain http
 # https://django-secure.readthedocs.io/en/latest/settings.html#secure-ssl-redirect
 SECURE_REDIRECT_EXEMPT = []
 SECURE_SSL_HOST = None
 SECURE_SSL_REDIRECT = False
-
+```