Added guide of Security on settings.py

HACKING.md

@@ -132,7 +132,7 @@
 
    on setting.py to:
 
-           `ALLOWED_HOSTS = ["example.com", "localhost"]`
+        ALLOWED_HOSTS = ["example.com", "localhost"]
 
 5. Added on setting.py:
 
@@ -144,9 +144,13 @@
 
 7. Create the media/ directory
 
+        ```
         cd /path/to/personalsite
+        ```
 
+        ```
         mkdir media/
+        ```
 
 8. Change Permition to media/ at group http
 
@@ -157,3 +161,31 @@
         sudo service httpd restart
 
 10. Done!
+
+# Security on settings.py [SSL, HTTPS, COOKIE, etc]
+
+```
+# security.W004
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
+# security.W006
+SECURE_CONTENT_TYPE_NOSNIFF = True
+
+# security.W007
+SECURE_BROWSER_XSS_FILTER = True
+
+# security.W008
+SECURE_SSL_REDIRECT = True
+
+# security.W012
+SESSION_COOKIE_SECURE = True
+
+# security.W016、security.W017
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+
+# security.W019
+X_FRAME_OPTIONS = 'DENY'
+```