Introduction to HSTS (Introducción a HSTS)
Boris Quiroz
April 26, 2014
Technology
Transcript
HSTS WTF?
HTTP Strict Transport Security
Make sure unencrypted communication is never accepted for our site, to mitigate attacks such as SSL stripping (an attacker on the path downgrades the user's plain-HTTP request instead of letting it reach the HTTPS redirect).
GOOD!
BAD!
HSTS disabled:
1. The user types preyproject.com.
2. The browser adds http:// and requests http://preyproject.com (this first request is sent in the clear; it is the one an SSL-stripping attacker intercepts).
3. The server answers with a 301 to https://preyproject.com.
4. The browser requests https://preyproject.com.

HSTS enabled:
1. The user types preyproject.com.
2. The browser rewrites the HTTP link to HTTPS itself, before anything is sent on the wire, so no plain-HTTP request is ever made. This works once the browser has a stored HSTS policy for the host, i.e. after one earlier HTTPS visit that carried the header, or when the host is in the browser's preload list.
Compatibility (as of April 2014): Chrome, Firefox and Opera have supported it for the last three releases; Safari 7.0; IE 12+.
The header: Strict-Transport-Security: max-age=31536000; includeSubDomains
Note the syntax: max-age takes "=" (a browser ignores a malformed header such as "max-age:31536000" entirely), the value is in seconds (31536000 is one year), and includeSubDomains extends the policy to every subdomain. Browsers only honour the header on a response received over HTTPS; sending it over plain HTTP does nothing.
The config
Nginx (in the HTTPS server block; remember that nginx does not inherit add_header from an outer block once the inner block declares its own add_header):
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails (enables the ActionDispatch::SSL middleware, which redirects HTTP to HTTPS, sends the HSTS header and flags cookies secure):
    config.force_ssl = true
PRELOAD LISTS
Browsers ship a built-in list of HSTS hosts, so a listed host is upgraded even on the very first visit, closing the window in the HSTS-disabled flow where the browser's first request still goes out over plain HTTP. Getting off the list takes browser release cycles, so only preload a domain that is ready to be HTTPS-only for good.
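To make the two flows and the header rules concrete, here is a small model of a browser's HSTS policy store, written as an added example for this deck (it is not the speaker's code and not any browser's implementation). It parses a Strict-Transport-Security value the way RFC 6797 asks a user agent to, ignores the header when it arrives over plain HTTP, expires policies, honours includeSubDomains, and treats a constructed "preloaded" entry like the built-in list. The hostnames, the preload entry and the fixed clock are all constructed for illustration; preyproject.com is used only because it is the deck's example.

```python
"""Model of a browser's HSTS policy store and URL rewriting (RFC 6797).

Added example for this deck, not the speaker's code. The hostnames, the
preloaded entry and the fixed clock below are constructed for illustration.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsPolicy:
    expires: float            # absolute time at which the policy lapses
    include_subdomains: bool  # includeSubDomains directive was present


def parse_hsts(header, now):
    """Parse a Strict-Transport-Security value. Returns None when the header is
    malformed, which is how a browser treats it: the header is ignored."""
    max_age = None
    include_subdomains = False
    seen = set()
    for raw in header.split(";"):
        if not raw.strip():
            continue
        name, _, value = raw.partition("=")   # max-age MUST use '=', not ':'
        name = name.strip().lower()           # directive names are case-insensitive
        value = value.strip().strip('"')
        if name in seen:
            return None                       # a directive may appear only once
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        # any other directive (e.g. preload) is ignored by the browser itself
    if max_age is None:
        return None                           # max-age is required
    return HstsPolicy(expires=now + max_age, include_subdomains=include_subdomains)


class HstsStore:
    def __init__(self, preloaded=None):
        self._policies = {}                 # host -> HstsPolicy learned from responses
        self._preloaded = preloaded or {}   # host -> include_subdomains, stand-in for the built-in list

    def process_response(self, url, headers, now):
        """Record the policy carried by a response. Returns True if one was applied."""
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname is None:
            return False      # STS over plain HTTP is ignored: an attacker could forge it
        value = next((v for k, v in headers.items()
                      if k.lower() == "strict-transport-security"), None)
        if value is None:
            return False
        policy = parse_hsts(value, now)
        if policy is None:
            return False
        host = parts.hostname.lower()
        if policy.expires <= now:
            self._policies.pop(host, None)   # max-age=0 tells the browser to forget the host
        else:
            self._policies[host] = policy
        return True

    def is_known_host(self, host, now):
        """Exact match, or a parent domain whose policy covers subdomains."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            exact = i == 0
            pre = self._preloaded.get(candidate)
            if pre is not None and (exact or pre):
                return True
            pol = self._policies.get(candidate)
            if pol is None:
                continue
            if pol.expires <= now:
                del self._policies[candidate]   # expired policies are dropped lazily
                continue
            if exact or pol.include_subdomains:
                return True
        return False

    def rewrite(self, url, now):
        """What the browser does before sending a request: upgrade http:// to https://."""
        parts = urlsplit(url)
        if parts.scheme != "http" or parts.hostname is None:
            return url
        if not self.is_known_host(parts.hostname, now):
            return url                     # no policy yet: the request goes out in the clear
        netloc = parts.netloc
        if netloc.endswith(":80"):
            netloc = netloc[:-3] + ":443"  # explicit port 80 becomes 443; other ports are kept
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


NOW = 1_700_000_000.0  # constructed fixed clock
YEAR = 31536000
HEADER = "max-age=31536000; includeSubDomains"


def walkthrough():
    """The deck's two flows, plus a constructed preloaded host and the typo header."""
    store = HstsStore(preloaded={"example.net": True})   # constructed preload entry
    out = {}
    out["first_visit"] = store.rewrite("http://preyproject.com/", NOW)
    out["http_ignored"] = store.process_response(
        "http://preyproject.com/", {"Strict-Transport-Security": HEADER}, NOW)
    out["https_applied"] = store.process_response(        # the response after the 301
        "https://preyproject.com/", {"Strict-Transport-Security": HEADER}, NOW)
    out["second_visit"] = store.rewrite("http://preyproject.com/", NOW)
    out["subdomain"] = store.rewrite("http://www.preyproject.com:80/login?x=1", NOW)
    out["preloaded"] = store.rewrite("http://app.example.net/", NOW)
    out["typo_header"] = parse_hsts("max-age:31536000; includeSubdomains", NOW)
    out["after_expiry"] = store.rewrite("http://preyproject.com/", NOW + YEAR + 1)
    return out


if __name__ == "__main__":
    for key, val in walkthrough().items():
        print(f"{key}: {val}")
```

Running it shows the first visit left as plain HTTP (the SSL-stripping window), the header rejected over HTTP and accepted over HTTPS, the second visit and the www subdomain upgraded, the preloaded host upgraded with no prior visit, the deck's "max-age:" spelling rejected, and the policy gone one second after max-age elapses.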
Questions? Boris Quiroz, SRE, Preyproject.com