Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
60
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Introducción a HSTS
Boris Quiroz
April 26, 2014
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
69
Docker Images Best Practices
boris
0
60
Software Freedom Day 2015
boris
0
50
Code Driven Infrastructure
boris
0
75
hola mundo
boris
0
68
DevOps Tools: Chef + Vagrant
boris
0
240
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
83
Tech, Method & Philosophy for the cloud
boris
0
62
Other Decks in Technology
See All in Technology
プロダクト開発から業務改善コンサルまで。事業全体へ「染み出す」ことで広がるエンジニアの可能性
ham0215
0
140
ACE-Step-1.5で見る 音楽生成AIのしくみと“破綻だけ直す”Retake機能の開発【zennfes spring 2026 登壇資料】
personabb
1
520
気づかぬうちにセキュリティ負債を生むAPIキー運用
sgwrmctk
0
170
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
2k
新しいUbuntu/GNOMEが使いたいからXからWaylandへ移行頑張ってるの巻 2026-06-20
nobutomurata
0
140
AIAU_UMEMOGU_ninomiya_slide
ninomiya_ii
0
180
AIネイティブな開発のサプライチェーンリスク対策 〜激動の開発現場でリスクに立ち向かう〜【ZennFes】
cscengineer
PRO
2
140
【2026年版】 ベクトル検索とEmbedding最前線
mocobeta
9
2.9k
SONiC Scale-Up Working Group から探る Scale-UpやUltraEthernet機能の実装方法
ebiken
PRO
2
370
Android の公式 Skill / Android skills
yanzm
0
150
日本 Fintech 未来予測レポート 2027〜2028年(オリジナル版)
8maki
0
2.3k
【Snowflake Summit 2026 Recap!!】Snowflake Summit Deep Dive: Security & Governance
civitaspo
1
240
Featured
See All Featured
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
430
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
65
55k
ラッコキーワード サービス紹介資料
rakko
1
3.7M
エンジニアに許された特別な時間の終わり
watany
107
250k
Being A Developer After 40
akosma
91
590k
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
2
1.5k
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
390
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.7k
Optimizing for Happiness
mojombo
378
71k
Making Projects Easy
brettharned
120
6.7k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
ham0215
personabb
sgwrmctk
oracle4engineer
nobutomurata
ninomiya_ii
cscengineer
mocobeta
ebiken
yanzm
8maki
civitaspo
caitiem20
davetheseo
soudai
rakko
watany
akosma
aleyda
katarinadahlin
chriscoyier
philnash
mojombo
brettharned
