Introduction to HSTS
Boris Quiroz
April 26, 2014
Transcript
HSTS WTF?

HTTP Strict Transport Security
Ensure that unencrypted communication is not allowed on our site, to mitigate attacks such as SSL stripping.

GOOD!

BAD!

HSTS disabled
1. The user goes to preyproject.com
2. The browser adds http:// and makes the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser makes the request to https://preyproject.com

HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the link from HTTP to HTTPS

Compatibility
Chrome, Firefox, Opera for the last 3 versions. Safari 7.0. IE 12+

The header
Strict-Transport-Security: max-age=31536000; includeSubDomains

The config
Nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails: config.force_ssl = true

PRELOAD LISTS

Questions?
Boris Quiroz, SRE, Preyproject.com