Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
59
0
Share
Introducción a HSTS
Boris Quiroz
April 26, 2014
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
65
Docker Images Best Practices
boris
0
58
Software Freedom Day 2015
boris
0
48
Code Driven Infrastructure
boris
0
74
hola mundo
boris
0
68
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
83
Tech, Method & Philosophy for the cloud
boris
0
60
Other Decks in Technology
See All in Technology
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development
yoshidashingo
1
250
はじめてのDatadog
kairim0
0
230
Sony_KMP_Journey_KotlinConf2026
sony
0
170
Platform engineering for developers, architects & the rest of us (AI agents)
danielbryantuk
0
150
AI時代から振り返るTerraform drift運用の歴史 / AI Age Reflections on the History of Terraform Drift Operations
aeonpeople
0
590
JJUG CCC 2026 Spring AI時代の開発こそ標準化を武器に! ― 方式・プロセス・プラットフォームの標準化
s27watanabe
2
630
基礎から解説!Icebergで紐解くSnowflake×Databricks連携の現在地
cm_yasuhara
0
390
Claude code Orchestra
ozakiomumkj
2
680
AI駆動開発でなんでもハンズオン環境をつくってみた
yoshimi0227
0
180
海外カンファレンス「JavaOne」参加レポート ユーザー系IT企業における目的・成果/JavaOne Report Purpose and Results in the User IT Company
muit
0
110
インフラが苦手でも大丈夫! 紙芝居 Kubernetes -WWGT 10周年編-
aoi1
1
310
組織の中で自分を経営する技術
shoota
0
230
Featured
See All Featured
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
230
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.6k
From π to Pie charts
rasagy
0
190
Deep Space Network (abreviated)
tonyrice
0
160
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
930
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
350
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
Paper Plane
katiecoart
PRO
1
50k
How GitHub (no longer) Works
holman
316
150k
Leo the Paperboy
mayatellez
7
1.8k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.8k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
yoshidashingo
kairim0
sony
danielbryantuk
aeonpeople
s27watanabe
cm_yasuhara
ozakiomumkj
yoshimi0227
muit
.jpg){kind=avatar}
aoi1
shoota
charlesmeaden
nikkihalliwell
palkan
rasagy
tonyrice
tammyeverts
akashhashmi
smashingmag
katiecoart
holman
mayatellez
jcasabona
