Introduction to HSTS
Boris Quiroz
April 26, 2014
Transcript
HSTS WTF?
HTTP Strict Transport Security
Ensure that unencrypted communication is not allowed on our site, to mitigate attacks such as SSL stripping.
GOOD!
BAD!

HSTS disabled
1. The user goes to preyproject.com
2. The browser adds http:// and makes the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser makes the request to https://preyproject.com

HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the link from HTTP to HTTPS

Compatibility
Chrome, Firefox, Opera: for the past 3 versions.
Safari 7.0
IE 12+

The header
Strict-Transport-Security: max-age=31536000; includeSubdomains

The config
Nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails: config.force_ssl = true
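
A checker for the header value these slides configure, added here as an example that is not part of the original deck: it parses a Strict-Transport-Security value following RFC 6797 and rejects malformed forms, for instance a `:` written where `max-age` needs `=`. The function name `parse_hsts` is an assumption made for this example.

```python
import re

# RFC 6797 section 6.1: directives are ';'-separated, directive names are
# case-insensitive, max-age is REQUIRED and each directive appears only once.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value.

    Returns {"max_age": int, "include_subdomains": bool, "preload": bool}
    or raises ValueError when the value does not conform to RFC 6797.
    """
    seen = {}
    for raw in value.split(";"):
        part = raw.strip()
        if not part:                       # empty directives are allowed
            continue
        name, sep, arg = part.partition("=")
        name = name.strip().lower()
        if not _TOKEN.match(name):         # e.g. "max-age:31536000"
            raise ValueError(f"malformed directive: {part!r}")
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = arg.strip() if sep else None

    if "max-age" not in seen:
        raise ValueError("max-age directive is required")
    age = seen["max-age"] or ""
    if len(age) >= 2 and age[0] == age[-1] == '"':   # quoted-string form
        age = age[1:-1]
    if not re.fullmatch(r"[0-9]+", age):
        raise ValueError(f"max-age must be a non-negative integer: {age!r}")
    if seen.get("includesubdomains") is not None:
        raise ValueError("includeSubDomains takes no value")
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in seen,
        # "preload" is not defined by RFC 6797; preload lists look for it.
        "preload": "preload" in seen,
    }
```
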
PRELOAD LISTS

Questions?
Boris Quiroz, SRE, Preyproject.com