Trying to understand two messages from `manage.py check --deploy`

[Tom Tanner]

I get these two messages after running `python manage.py check --deploy`

?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE_CLASSES so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect.

?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.

I do not understand what each of them mean or if I should be worried. Can anyone translate these to plain English?

[James Farris]

Hi,

django.middleware.security.SecurityMiddleware is missing in your settings.py file in the middleware section. 

Read the Django docs for more details on what they each one of the security options do. 

https://docs.djangoproject.com/en/2.0/ref/middleware/

Sent from my mobile device

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1c0b2ca2-644c-4eac-9494-d3239e22f220%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.