Introducción a HSTS
Boris Quiroz
April 26, 2014
Transcript
HSTS WTF?
HTTP Strict Transport Security
Ensure that unencrypted communication is not allowed on our site, in order to mitigate attacks such as SSL stripping.
GOOD!
BAD!
HSTS disabled
1. The user goes to preyproject.com
2. The browser adds http:// and makes the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser makes the request to https://preyproject.com
HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the link from HTTP to HTTPS
Compatibility
Chrome, Firefox, Opera: for the last 3 versions. Safari 7.0. IE 12+
The header
Strict-Transport-Security: max-age=31536000; includeSubDomains
The config
Nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails: config.force_ssl = true
PRELOAD LISTS
Questions? Boris Quiroz, SRE, Preyproject.com