Security headers, fix offline saving issue

config/environments/production.rb

@@ -1,6 +1,8 @@
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
+  config.force_ssl = true
+
   # Code is not reloaded between requests.
   config.cache_classes = true