Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
0
53
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
58
Docker Images Best Practices
boris
0
56
Software Freedom Day 2015
boris
0
45
Code Driven Infrastructure
boris
0
67
hola mundo
boris
0
63
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
78
Tech, Method & Philosophy for the cloud
boris
0
53
Other Decks in Technology
See All in Technology
整頓のジレンマとの戦い〜Tidy First?で振り返る事業とキャリアの歩み〜/Fighting the tidiness dilemma〜Business and Career Milestones Reflected on in Tidy First?〜
bitkey
2
16k
品質と速度の両立:生成AI時代の品質保証アプローチ
odasho
1
340
「クラウドコスト絶対削減」を支える技術—FinOpsを超えた徹底的なクラウドコスト削減の実践論
delta_tech
4
170
開発生産性を測る前にやるべきこと - 組織改善の実践 / Before Measuring Dev Productivity
kaonavi
9
4.3k
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
airhelpsupport
0
380
敢えて生成AIを使わないマネジメント業務
kzkmaeda
2
440
2025 AWS Jr. Championが振り返るAWS Summit
kazukiadachi
0
110
高速なプロダクト開発を実現、創業期から掲げるエンタープライズアーキテクチャ
kawauso
2
9.2k
ビズリーチが挑む メトリクスを活用した技術的負債の解消 / dev-productivity-con2025
visional_engineering_and_design
3
7.5k
How Do I Contact HP Printer Support? [Full 2025 Guide for U.S. Businesses]
harrry1211
0
120
fukabori.fm 出張版: 売上高617億円と高稼働率を陰で支えた社内ツール開発のあれこれ話 / 20250704 Yoshimasa Iwase & Tomoo Morikawa
shift_evolve
PRO
2
7.6k
改めてAWS WAFを振り返る~業務で使うためのポイント~
masakiokuda
2
250
Featured
See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Six Lessons from altMBA
skipperchong
28
3.9k
Done Done
chrislema
184
16k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
20
1.3k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.5k
Speed Design
sergeychernyshev
32
1k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
740
Facilitating Awesome Meetings
lara
54
6.4k
Mobile First: as difficult as doing things right
swwweet
223
9.7k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
It's Worth the Effort
3n
185
28k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
bitkey
odasho
delta_tech
kaonavi
airhelpsupport
kzkmaeda
kazukiadachi
kawauso
visional_engineering_and_design
harrry1211
shift_evolve
masakiokuda
marcelosomers
skipperchong
chrislema
honnibal
productmarketing
sergeychernyshev
addyosmani
lara
swwweet
cassininazir
3n
kastner
