Warning: possibly outdated

ALLOWED_HOSTS settings.py parameter represents the contents of Heroku documents when this answer was originally written in 2015. Although I am sure that the ALLOWED_HOSTS parameters listed here are safe, refer to the latest documents before copying any of these settings!

The original answer follows. See below for more information.

This is exactly what you should do to get started with Django on Heroku :

settings.py

 # Parse database configuration from $DATABASE_URL import dj_database_url DATABASES['default'] = dj_database_url.config() # Honor the 'X-Forwarded-Proto' header for request.is_secure() SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') # Allow all host headers ALLOWED_HOSTS = ['*'] # Static asset configuration import os BASE_DIR = os.path.dirname(os.path.abspath(__file__)) STATIC_ROOT = 'staticfiles' STATIC_URL = '/static/' STATICFILES_DIRS = ( os.path.join(BASE_DIR, 'static'), ) 

2018 update

The link above no longer works, because Heroku Getting Started document formats are slightly different these days, providing pre-created repository examples rather than sample code in documents. The current Python Getting Started Repo has ALLOWED_HOSTS = [] , but also DEBUG = True , which, according to the Django 2.1 docs, triggers a special case where

 ALLOWED_HOSTS = ['localhost', '127.0.0.1', '[::1]'] 

Since DEBUG = True not recommended or does not have a good idea in production, the original recommendation in this answer still acts as a ready-to-release solution for the Heroku application. Make sure you read and understand Charlie Weim's brief answer before deciding what to do.

Full disclosure: I did not create a Heroku production application in the latest version of Django. YMMV :)