Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introducción a HSTS
Search
Boris Quiroz
April 26, 2014
Technology
0
54
Introducción a HSTS
Boris Quiroz
April 26, 2014
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Secrets management with Vault
boris
0
58
Docker Images Best Practices
boris
0
56
Software Freedom Day 2015
boris
0
45
Code Driven Infrastructure
boris
0
69
hola mundo
boris
0
64
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Hands-on Lab
boris
0
79
Tech, Method & Philosophy for the cloud
boris
0
54
Other Decks in Technology
See All in Technology
「Managed Instances」と「durable functions」で広がるAWS Lambdaのユースケース
lamaglama39
0
300
ChatGPTで論⽂は読めるのか
spatial_ai_network
5
20k
Playwright x GitHub Actionsで実現する「レビューしやすい」E2Eテストレポート
kinosuke01
0
570
Edge AI Performance on Zephyr Pico vs. Pico 2
iotengineer22
0
140
re:Invent2025 コンテナ系アップデート振り返り(+CloudWatchログのアップデート紹介)
masukawa
0
350
AWSを使う上で最低限知っておきたいセキュリティ研修を社内で実施した話 ~みんなでやるセキュリティ~
maimyyym
2
300
大企業でもできる!ボトムアップで拡大させるプラットフォームの作り方
findy_eventslides
1
710
RAG/Agent開発のアップデートまとめ
taka0709
0
160
生成AI時代におけるグローバル戦略思考
taka_aki
0
120
Lambdaの常識はどう変わる?!re:Invent 2025 before after
iwatatomoya
1
450
AWS Bedrock AgentCoreで作る 1on1支援AIエージェント 〜Memory × Evaluationsによる実践開発〜
yusukeshimizu
6
390
A Compass of Thought: Guiding the Future of Test Automation ( #jassttokai25 , #jassttokai )
teyamagu
PRO
1
260
Featured
See All Featured
How STYLIGHT went responsive
nonsquared
100
6k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Why Our Code Smells
bkeepers
PRO
340
57k
We Have a Design System, Now What?
morganepeng
54
7.9k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
7.9k
Building an army of robots
kneath
306
46k
Raft: Consensus for Rubyists
vanstee
141
7.2k
Automating Front-end Workflow
addyosmani
1371
200k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.8k
GraphQLの誤解/rethinking-graphql
sonatard
73
11k
Stop Working from a Prison Cell
hatefulcrawdad
273
21k
Building Flexible Design Systems
yeseniaperezcruz
330
39k
Transcript
HSTS WTF?
None
HTTP Strict Transport Security
Asegurar que la comunicación no encriptada no es permitida en
nuestro sitio para mitigar ataques como por ejemplo SSL-stripping.
None
¡BIEN!
None
¡MAL!
1. El usuario va a preyproject.com 2. El browser agregará
el http:// y hará el request a http://preyproject.com 3. El server responderá con un 301 a https://preyproject.com 4. El browser hace el request a https://preyproject.com HSTS disabled
HSTS enabled 1. El usuario va a preyproject.com 2. HSTS
convertirá automáticamente el link de HTTP a HTTPS
Compatibilidad Chrome, Firefox, Opera desde hace 3 versiones. Safari 7.0
IE 12+
El header Strict-Transport-Security: max-age:31536000; includeSubdomains
None
Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Rails config.force_ssl = true La
config
PRELOAD LISTS
¿Preguntas? Boris Quiroz SRE Preyproject.com
boris
.jpg){kind=avatar}
lamaglama39
spatial_ai_network
kinosuke01
iotengineer22
masukawa
maimyyym
findy_eventslides
taka0709
taka_aki
iwatatomoya
yusukeshimizu
teyamagu
nonsquared
lauravandoore
bkeepers
morganepeng
eileencodes
kneath
vanstee
addyosmani
productmarketing
sonatard
hatefulcrawdad
yeseniaperezcruz
