diff --git a/conf/settings_history/settings.3.1.1.py b/conf/settings_history/settings.3.1.1.py
index a142e66..d405f72 100644
--- a/conf/settings_history/settings.3.1.1.py
+++ b/conf/settings_history/settings.3.1.1.py
@@ -27,7 +27,7 @@ from logging.handlers import SysLogHandler
 # Django settings for Weblate project.
 #
-DEBUG = False
+DEBUG = FALSE
 ADMINS = (
 ('__ADMIN__', '__ADMINMAIL__'),
@@ -359,7 +359,6 @@ INSTALLED_APPS = (
 'weblate.lang',
 'weblate.langdata',
 'weblate.memory',
- 'weblate.permissions',
 'weblate.screenshots',
 'weblate.accounts',
 'weblate.utils',
@@ -575,9 +574,21 @@ CSRF_COOKIE_SECURE = ENABLE_HTTPS
 # Store CSRF token in session (since Django 1.11)
 CSRF_USE_SESSIONS = True
 SESSION_COOKIE_SECURE = ENABLE_HTTPS
+# SSL redirect
+SECURE_SSL_REDIRECT = ENABLE_HTTPS
 # Session cookie age (in seconds)
 SESSION_COOKIE_AGE = 1209600
+# Some security headers
+SECURE_BROWSER_XSS_FILTER = True
+X_FRAME_OPTIONS = 'DENY'
+SECURE_CONTENT_TYPE_NOSNIFF = True
+
+# Optionally enable HSTS
+SECURE_HSTS_SECONDS = 0
+SECURE_HSTS_PRELOAD = False
+SECURE_HSTS_INCLUDE_SUBDOMAINS = False
+
 # URL of login
 LOGIN_URL = '{0}/accounts/login/'.format(URL_PREFIX)
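Review bot: `DEBUG = FALSE` in the `@@ -27,7 +27,7 @@` hunk references a name Python does not define; the boolean literal is `False`, so unless `FALSE` is bound somewhere outside the visible lines, loading this settings module raises `NameError`. The line should stay `DEBUG = False`. If the value is meant as a packaging placeholder substituted at install time, it would be clearer in the `__ADMIN__` style used two lines below, so it cannot be mistaken for a valid setting. Debug mode has to stay off on a deployed instance, because Django's debug error pages show tracebacks and configuration details to any visitor.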
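Review bot: The `SECURE_*` values added in the `@@ -575,9 +574,21 @@` hunk only take effect through `django.middleware.security.SecurityMiddleware` (and `X_FRAME_OPTIONS` through `XFrameOptionsMiddleware`); the middleware list is outside this hunk, so it is worth confirming both are enabled. `SECURE_SSL_REDIRECT = ENABLE_HTTPS` also depends on Django seeing the request as secure: if TLS is terminated by a front-end web server and the scheme is not passed through, `SECURE_PROXY_SSL_HEADER` may be needed or the redirect can loop. `SECURE_HSTS_SECONDS = 0` means no `Strict-Transport-Security` header is sent, so I would make the comment say so, e.g. `# Optionally enable HSTS; 0 disables the header, set a positive max-age once HTTPS is known to work`.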
@@ -742,15 +753,17 @@ REST_FRAMEWORK = {
 # In such case you will want to include some of the exceptions
 # LOGIN_REQUIRED_URLS_EXCEPTIONS = (
-# r'/accounts/(.*)$', # Required for login
-# r'/static/(.*)$', # Required for development mode
-# r'/widgets/(.*)$', # Allowing public access to widgets
-# r'/data/(.*)$', # Allowing public access to data exports
-# r'/hooks/(.*)$', # Allowing public access to notification hooks
-# r'/api/(.*)$', # Allowing access to API
-# r'/js/i18n/$', # Javascript localization
-# r'/contact/$', # Optional for contact form
-# r'/legal/(.*)$', # Optional for legal app
+# r'/accounts/(.*)$', # Required for login
+# r'/admin/login/(.*)$', # Required for admin login
+# r'/static/(.*)$', # Required for development mode
+# r'/widgets/(.*)$', # Allowing public access to widgets
+# r'/data/(.*)$', # Allowing public access to data exports
+# r'/hooks/(.*)$', # Allowing public access to notification hooks
+# r'/healthz/$', # Allowing public access to health check
+# r'/api/(.*)$', # Allowing access to API
+# r'/js/i18n/$', # Javascript localization
+# r'/contact/$', # Optional for contact form
+# r'/legal/(.*)$', # Optional for legal app
 # )
 # Force sane test runner
diff --git a/manifest.json b/manifest.json
index 16226dd..1dfb4d8 100644
--- a/manifest.json
+++ b/manifest.json
@@ -8,7 +8,7 @@
 "description": {
 "en": "A translation platform using Git and Python"
 },
- "version": "3.0.1~ynh2",
+ "version": "3.1.1~ynh2",
 "url": "https://weblate.org",
 "license": "AGPL-3.0",
 "maintainer": {
diff --git a/scripts/_common.sh b/scripts/_common.sh
index cb6afd8..9a94ba5 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-current_version="3.0.1"
+current_version="3.1.1"
 ynh_check_global_uwsgi_config () {
 uwsgi --version || ynh_die "You need to add uwsgi (and appropriate plugin) as a dependency"