Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Boris Quiroz
April 26, 2014
Technology
0
55
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
60
Docker Images Best Practices
boris
0
57
Software Freedom Day 2015
boris
0
46
Code Driven Infrastructure
boris
0
72
hola mundo
boris
0
66
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
82
Tech, Method & Philosophy for the cloud
boris
0
59
Other Decks in Technology
See All in Technology
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
coconala_engineer
2
770
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
zepprix
0
480
AI駆動開発を事業のコアに置く
tasukuonizawa
1
360
OWASP Top 10:2025 リリースと 少しの日本語化にまつわる裏話
okdt
PRO
3
840
usermode linux without MMU - fosdem2026 kernel devroom
thehajime
0
240
登壇駆動学習のすすめ — CfPのネタの見つけ方と書くときに意識していること
bicstone
3
130
ブロックテーマでサイトをリニューアルした話 / 2026-01-31 Kansai WordPress Meetup
torounit
0
480
AWS Network Firewall Proxyを触ってみた
nagisa53
1
240
会社紹介資料 / Sansan Company Profile
sansan33
PRO
15
400k
制約が導く迷わない設計 〜 信頼性と運用性を両立するマイナンバー管理システムの実践 〜
bwkw
3
1k
Tebiki Engineering Team Deck
tebiki
0
24k
(技術的には)社内システムもOKなブラウザエージェントを作ってみた!
har1101
0
150
Featured
See All Featured
The Invisible Side of Design
smashingmag
302
51k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.2k
Music & Morning Musume
bryan
47
7.1k
Measuring Dark Social's Impact On Conversion and Attribution
stephenakadiri
1
130
Game over? The fight for quality and originality in the time of robots
wayneb77
1
120
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
62
50k
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
170
AI: The stuff that nobody shows you
jnunemaker
PRO
2
270
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
1.8k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
61
52k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
coconala_engineer
zepprix
tasukuonizawa
okdt
thehajime
bicstone
torounit
nagisa53
sansan33
bwkw
tebiki
har1101
smashingmag
wjessup
irinanazarova
bryan
stephenakadiri
wayneb77
soudai
skoyamalab
jnunemaker
aleyda
nwiizo
chriscoyier
