Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
0
55
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
58
Docker Images Best Practices
boris
0
57
Software Freedom Day 2015
boris
0
46
Code Driven Infrastructure
boris
0
70
hola mundo
boris
0
66
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
80
Tech, Method & Philosophy for the cloud
boris
0
55
Other Decks in Technology
See All in Technology
AlmaLinux + KVM + Cockpit で始めるお手軽仮想化基盤 ~ 開発環境などでの利用を想定して ~
koedoyoshida
0
150
Bedrock AgentCore Evaluationsで学ぶLLM as a judge入門
shichijoyuhi
1
150
20251218_AIを活用した開発生産性向上の全社的な取り組みの進め方について / How to proceed with company-wide initiatives to improve development productivity using AI
yayoi_dd
0
620
Amazon Bedrock Knowledge Bases × メタデータ活用で実現する検証可能な RAG 設計
tomoaki25
6
2.1k
普段使ってるClaude Skillsの紹介(by Notebooklm)
zerebom
8
2k
AWSの新機能をフル活用した「re:Inventエージェント」開発秘話
minorun365
2
400
mairuでつくるクレデンシャルレス開発環境 / Credential-less development environment using Mailru
mirakui
5
590
子育てで想像してなかった「見えないダメージ」 / Unforeseen "hidden burdens" of raising children.
pauli
2
320
フィッシュボウルのやり方 / How to do a fishbowl
pauli
2
360
AWS re:Invent 2025~初参加の成果と学び~
kubomasataka
0
180
New Relic 1 年生の振り返りと Cloud Cost Intelligence について #NRUG
play_inc
0
210
AWS re:Invent 2025 re:Cap LT大会 データベース好きが語る re:Invent 2025 データベースアップデート/セッションの紹介
coldairflow
0
160
Featured
See All Featured
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.8k
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
140
A Modern Web Designer's Workflow
chriscoyier
698
190k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
2
61
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.2k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
180
Leo the Paperboy
mayatellez
0
1.2k
KATA
mclloyd
PRO
33
15k
Information Architects: The Missing Link in Design Systems
soysaucechin
0
710
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
340
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
koedoyoshida
shichijoyuhi
yayoi_dd
tomoaki25
zerebom
minorun365
mirakui
pauli
kubomasataka
play_inc
coldairflow
eileencodes
techseoconnect
chriscoyier
cargoodrich
denniskardys
tammyeverts
chikuwait
mayatellez
mclloyd
soysaucechin
malarkey
marktimemedia
