diff --git a/Pipfile b/Pipfile
index c4e936c4..c76e61c0 100644
--- a/Pipfile
+++ b/Pipfile
@@ -18,6 +18,7 @@ gunicorn = "*"
 django-widget-tweaks = "*"
 djangorestframework = "*"
 django-filter = "*"
+dj-database-url = "*"
 
 
 [dev-packages]
diff --git a/app/app/settings.py b/app/app/settings.py
index 74e7bf39..d98b884b 100644
--- a/app/app/settings.py
+++ b/app/app/settings.py
@@ -12,6 +12,8 @@ https://docs.djangoproject.com/en/2.0/ref/settings/
 
 import os
 import django_heroku
+import dj_database_url
+
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -26,7 +28,7 @@ SECRET_KEY = 'v8sk33sy82!uw3ty=!jjv5vp7=s2phrzw(m(hrn^f7e_#1h2al'
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = []
+# ALLOWED_HOSTS = []
 
 
 # Application definition
@@ -144,4 +146,13 @@ LOGIN_URL = '/login/'
 LOGIN_REDIRECT_URL = '/projects/'
 LOGOUT_REDIRECT_URL = '/'
 
-django_heroku.settings(locals())
\ No newline at end of file
+# Change 'default' database configuration with $DATABASE_URL.
+DATABASES['default'].update(dj_database_url.config(conn_max_age=500, ssl_require=True))
+
+# Honor the 'X-Forwarded-Proto' header for request.is_secure()
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+# Allow all host headers
+ALLOWED_HOSTS = ['*']
+
+django_heroku.settings(locals())