diff --git a/src/firetower/settings.py b/src/firetower/settings.py
index e69af035..46e77430 100644
--- a/src/firetower/settings.py
+++ b/src/firetower/settings.py
@@ -86,11 +86,18 @@ def cmd_needs_dummy_config() -> bool:
 CSRF_TRUSTED_ORIGINS = [
 "http://localhost:5173",
 "https://firetower.getsentry.net",
- "https://*.firetower.getsentry.net",
+ "https://test.firetower.getsentry.net",
 ]
 CORS_ALLOW_CREDENTIALS = True
+if not env_is_dev():
+ SECURE_SSL_REDIRECT = True
+ SECURE_CONTENT_TYPE_NOSNIFF = True
+ SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+ SESSION_COOKIE_SECURE = True
+ CSRF_COOKIE_SECURE = True
+
 # Application definition
 INSTALLED_APPS = [
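Review bot: `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` in the new `if not env_is_dev():` block makes Django treat any request carrying `X-Forwarded-Proto: https` as secure, so it is only safe if every production request passes through a proxy that sets or strips that header itself; nothing visible in the hunk documents that assumption. If the app can be reached without that proxy, the header is client-controlled, and `request.is_secure()` and the `SECURE_SSL_REDIRECT` decision would then rest on untrusted input. I would add a comment above the setting, for example `# Safe only because the load balancer overwrites X-Forwarded-Proto on every request; the app port must not be reachable directly.`, once that is confirmed for this deployment. Separately, `"http://localhost:5173"` stays in `CSRF_TRUSTED_ORIGINS` for every environment; appending it only when `env_is_dev()` is true would finish what the wildcard removal starts, and the production block could also set `SECURE_HSTS_SECONDS` so browsers stop attempting plain HTTP after the first visit.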