Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Boris Quiroz
April 26, 2014
Technology
0
55
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
60
Docker Images Best Practices
boris
0
57
Software Freedom Day 2015
boris
0
46
Code Driven Infrastructure
boris
0
71
hola mundo
boris
0
66
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
82
Tech, Method & Philosophy for the cloud
boris
0
59
Other Decks in Technology
See All in Technology
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
shibayu36
0
190
CDK対応したAWS DevOps Agentを試そう_20260201
masakiokuda
1
210
Webhook best practices for rock solid and resilient deployments
glaforge
1
270
Azure Durable Functions で作った NL2SQL Agent の精度向上に取り組んだ話/jat08
thara0402
0
150
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.3k
Cosmos World Foundation Model Platform for Physical AI
takmin
0
440
学生・新卒・ジュニアから目指すSRE
hiroyaonoe
2
570
データの整合性を保ちたいだけなんだ
shoheimitani
8
3k
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
msysh
3
150
(金融庁共催)第4回金融データ活用チャレンジ勉強会資料
takumimukaiyama
0
140
ZOZOにおけるAI活用の現在 ~開発組織全体での取り組みと試行錯誤~
zozotech
PRO
5
4.9k
変化するコーディングエージェントとの現実的な付き合い方 〜Cursor安定択説と、ツールに依存しない「資産」〜
empitsu
4
1.3k
Featured
See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.9k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.3k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
1
54
Side Projects
sachag
455
43k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
Automating Front-end Workflow
addyosmani
1371
200k
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
170
Amusing Abliteration
ianozsvald
0
96
Accessibility Awareness
sabderemane
0
49
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
640
Mobile First: as difficult as doing things right
swwweet
225
10k
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
1
1.4k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
shibayu36
masakiokuda
glaforge
thara0402
sansan33
takmin
hiroyaonoe
shoheimitani
msysh
takumimukaiyama
zozotech
empitsu
productmarketing
rmw
akademiya2063
sachag
aarron
addyosmani
frankvandijk
ianozsvald
sabderemane
nmsamuel
swwweet
aleyda
