Introducción a HSTS (Introduction to HSTS)
Boris Quiroz
April 26, 2014
Technology
Transcript
HSTS, WTF?

HTTP Strict Transport Security

Ensure that unencrypted communication is not permitted on our site, to mitigate attacks such as SSL stripping.

GOOD!

BAD!

HSTS disabled
1. The user goes to preyproject.com
2. The browser adds the http:// and makes the request to http://preyproject.com
3. The server responds with a 301 to https://preyproject.com
4. The browser makes the request to https://preyproject.com

That first plaintext request is the exposed one: an attacker on the path can answer it before the server's 301 ever reaches the browser, which is exactly what SSL stripping does.

HSTS enabled
1. The user goes to preyproject.com
2. HSTS automatically converts the HTTP link to HTTPS: once the browser has seen the header over HTTPS, it rewrites the URL itself and never sends the plaintext request.

Compatibility (as of this talk, April 2014)
Chrome, Firefox, Opera: for the last three versions. Safari 7.0. IE 12+.

The header
Strict-Transport-Security: max-age=31536000; includeSubDomains

max-age is the number of seconds the browser remembers the policy; includeSubDomains extends it to every subdomain of the host that sent it. Note the syntax: max-age=..., not max-age:..., and the header is only honored when it arrives over HTTPS.

The config
Nginx:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Rails:
config.force_ssl = true
(force_ssl both redirects HTTP to HTTPS and sets the Strict-Transport-Security header.)
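The two flows on the "HSTS disabled" and "HSTS enabled" slides, the header syntax and the redirect-to-HTTPS server setup, as an added example that is not part of the deck: a small simulation of a browser's HSTS cache. It parses the Strict-Transport-Security value, ignores the header when it arrives over plain HTTP, honors max-age (including max-age=0, which clears the policy) and includeSubDomains, and upgrades http:// URLs before any request is sent. The origin (preyproject.com) is taken from the slides; the server function, example.com hosts and clock values are constructed for the example.

```python
"""Simulation of a browser's HSTS cache (added example, not from the deck)."""
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header_value):
    """Return (max_age, include_subdomains), or None if the value is malformed.

    'max-age:31536000' (colon instead of '=') is malformed and is ignored by
    browsers; unknown directives such as 'preload' are skipped (RFC 6797).
    """
    max_age, include_subdomains = None, False
    for directive in header_value.split(";"):
        name, sep, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            value = value.strip().strip('"')
            if not sep or not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
    return None if max_age is None else (max_age, include_subdomains)


class HstsCache:
    """Per-host policy store; `now` is injectable so expiry can be tested."""

    def __init__(self, now=time.time):
        self.now = now
        self.entries = {}  # host -> (expires_at, include_subdomains)

    def observe(self, url, header_value):
        """Record the policy carried by a response; only HTTPS responses count."""
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            return False  # RFC 6797: header over plain HTTP must be ignored
        parsed = parse_hsts(header_value)
        if parsed is None:
            return False
        max_age, include_subdomains = parsed
        host = parts.hostname.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # max-age=0 withdraws the policy
        else:
            self.entries[host] = (self.now() + max_age, include_subdomains)
        return True

    def is_known(self, host):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None or entry[0] <= self.now():
                continue
            if i == 0 or entry[1]:
                return True
        return False

    def rewrite(self, url):
        """Upgrade http:// to https:// for known hosts, keeping an explicit port."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.is_known(parts.hostname):
            return url
        netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def navigate(cache, typed_host, server):
    """The user types a bare host; the browser prepends http:// unless HSTS
    upgrades it first. Returns the list of URLs actually requested."""
    url = cache.rewrite("http://" + typed_host + "/")
    requested = []
    for _ in range(5):  # bound the redirect chain
        requested.append(url)
        status, headers = server(url)
        if "Strict-Transport-Security" in headers:
            cache.observe(url, headers["Strict-Transport-Security"])
        if status in (301, 302, 307, 308) and "Location" in headers:
            url = cache.rewrite(headers["Location"])
            continue
        break
    return requested


def example_server(url):
    """Constructed origin matching the slides' nginx/Rails setup: plain HTTP
    answers 301 to HTTPS, HTTPS answers 200 with the HSTS header."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        return 301, {"Location": urlunsplit(("https",) + tuple(parts[1:]))}
    return 200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}


if __name__ == "__main__":
    cache = HstsCache()
    print(navigate(cache, "preyproject.com", example_server))      # HSTS disabled flow: http, then https
    print(navigate(cache, "preyproject.com", example_server))      # HSTS enabled flow: https only
    print(navigate(cache, "www.preyproject.com", example_server))  # covered by includeSubDomains
```

The first navigation is the four-step "HSTS disabled" flow (a plaintext request, then the 301); every later one, until max-age expires, is the "HSTS enabled" flow with no plaintext request at all, which is why the redirect on port 80 is still needed for first-time visitors and why the preload list exists for that first visit.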
PRELOAD LISTS

Questions?
Boris Quiroz, SRE, Preyproject.com