$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
0
55
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
58
Docker Images Best Practices
boris
0
56
Software Freedom Day 2015
boris
0
46
Code Driven Infrastructure
boris
0
70
hola mundo
boris
0
66
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
79
Tech, Method & Philosophy for the cloud
boris
0
54
Other Decks in Technology
See All in Technology
WordPress は終わったのか ~今のWordPress の制作手法ってなにがあんねん?~ / Is WordPress Over? How We Build with WordPress Today
tbshiki
2
840
re:Invent2025 コンテナ系アップデート振り返り(+CloudWatchログのアップデート紹介)
masukawa
0
390
マイクロサービスへの5年間 ぶっちゃけ何をしてどうなったか
joker1007
17
6.7k
生成AI時代におけるグローバル戦略思考
taka_aki
0
210
多様なデジタルアイデンティティを攻撃からどうやって守るのか / 20251212
ayokura
0
490
Bedrock AgentCore Memoryの新機能 (Episode) を試してみた / try Bedrock AgentCore Memory Episodic functionarity
hoshi7_n
1
480
ChatGPTで論⽂は読めるのか
spatial_ai_network
11
29k
AI時代のワークフロー設計〜Durable Functions / Step Functions / Strands Agents を添えて〜
yakumo
3
890
生成AIを利用するだけでなく、投資できる組織へ / Becoming an Organization That Invests in GenAI
kaminashi
0
110
Strands AgentsとNova 2 SonicでS2Sを実践してみた
yama3133
0
540
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/09 - 2025/11
oracle4engineer
PRO
0
170
Jakarta Agentic AI Specification - Status and Future
reza_rahman
0
110
Featured
See All Featured
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
83
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
62
Side Projects
sachag
455
43k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
710
Designing for humans not robots
tammielis
254
26k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.2k
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
86
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
0
38
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
szymonslowik
0
840
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.1k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
tbshiki
masukawa
joker1007
taka_aki
ayokura
hoshi7_n
spatial_ai_network
yakumo
kaminashi
yama3133
oracle4engineer
reza_rahman
caitiem20
inesmontani
jdejongh
sachag
tammyeverts
bluesmoon
tammielis
sabderemane
kimpetersen
szymonslowik
kastner
