About Using HTTPS
For the best security, all websites should be running under HTTPS. You can do that with Let's Encrypt.
For projects served over HTTPS, also set these Django project settings so that the session and CSRF cookies are sent only over HTTPS (the SECURE settings) and cannot be read from JavaScript (the HTTPONLY settings):
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
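To confirm that the settings took effect, inspect the Set-Cookie headers the site actually returns. The following is an added example, not code from the original post: it audits raw Set-Cookie values for the Secure and HttpOnly flags, assuming Django's default cookie names (sessionid, csrftoken) and using constructed sample headers.

```python
from http.cookies import SimpleCookie

# Assumption: Django's default SESSION_COOKIE_NAME and CSRF_COOKIE_NAME.
EXPECTED = ("sessionid", "csrftoken")
REQUIRED_FLAGS = ("secure", "httponly")

# Constructed sample headers (not captured from a real site).
WEAK = [
    "sessionid=constructed123; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax",
    "csrftoken=constructed456; Max-Age=31449600; Path=/; SameSite=Lax",
]
HARDENED = [
    "sessionid=constructed123; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax; Secure",
    "csrftoken=constructed456; HttpOnly; Max-Age=31449600; Path=/; SameSite=Lax; Secure",
]


def audit_set_cookie(headers, names=EXPECTED):
    """Return {cookie_name: [missing flags]} for the named cookies.

    `headers` is a list of raw Set-Cookie header values. A cookie that
    never appears in the headers is reported as ["absent"].
    """
    seen = {}
    for raw in headers:
        jar = SimpleCookie()
        jar.load(raw)  # parses one Set-Cookie value, including flag attributes
        for name, morsel in jar.items():
            # Flag attributes are "" when missing and True when present.
            seen[name] = [flag for flag in REQUIRED_FLAGS if not morsel[flag]]
    return {name: seen.get(name, ["absent"]) for name in names}


if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        for name, missing in audit_set_cookie(headers).items():
            status = "OK" if not missing else "missing: " + ", ".join(missing)
            print(f"{label:9} {name:10} {status}")
```

Django's own `python manage.py check --deploy` also reports SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE when they are not set to True.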