Introduction to HSTS
Boris Quiroz
April 26, 2014
Transcript
HSTS WTF?
HTTP Strict Transport Security
Ensure that unencrypted communication is not allowed on our site, in order to mitigate attacks such as SSL stripping.
GOOD!
BAD!
HSTS disabled
1. The user goes to preyproject.com
2. The browser adds http:// and makes the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser makes the request to https://preyproject.com
HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the link from HTTP to HTTPS
Compatibility
Chrome, Firefox, Opera: for the last 3 versions.
Safari 7.0
IE 12+
The header
Strict-Transport-Security: max-age=31536000; includeSubdomains
The config
Nginx
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails
config.force_ssl = true
PRELOAD LISTS
Questions?
Boris Quiroz, SRE, Preyproject.com