From 88d1eab1b8451aee26c23ea2445c19d6508ae7e6 Mon Sep 17 00:00:00 2001
From: Andy Mitchell <326561+Themitchell@users.noreply.github.com>
Date: Thu, 26 Mar 2026 15:47:58 +0000
Subject: [PATCH] PPHA-682: Implement preload and subdomains for HSTS

---
 lung_cancer_screening/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lung_cancer_screening/settings.py b/lung_cancer_screening/settings.py
index 99171217..12bb9495 100644
--- a/lung_cancer_screening/settings.py
+++ b/lung_cancer_screening/settings.py
@@ -289,6 +289,8 @@ def pem_key_env(key, file_path_key=None):
 # Additional security settings for production
 if not DEBUG:
     SECURE_HSTS_SECONDS = 31536000
+    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+    SECURE_HSTS_PRELOAD = True
     SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
     SECURE_SSL_REDIRECT = False
     SESSION_COOKIE_SECURE = True