Tiny explainers grouped by topic. Spend less time Googling, more time building.
Practical, modern defaults for CSP, HSTS, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP, X-Content-Type-Options, X-Frame-Options vs frame-ancestors, cookies, and cache controls—with NGINX/Apache/Express snippets.
Real-world settings and copy‑paste snippets for circuit breakers (closed/open/half‑open) and bulkheads (bounded concurrency/queues). Works with HTTP, gRPC, and message calls.
Freshness, validators, and directives: Cache-Control, ETag/Last-Modified, Vary, s-maxage, stale-while-revalidate, immutable. Patterns for APIs, HTML, and assets—plus CDN tips.
Design request deadlines, hop timeouts, and idempotent retries with jitter so you protect upstreams, tame tail latency, and avoid cascading failures.
Which status codes to use, how to shape errors consistently, and what to log so clients get clear signals and you get useful telemetry.
From DNS lookup to TLS to paint: the shortest useful tour of what the browser actually does after you hit Enter.
Live updates usually come down to one question: who needs to talk, and how often? This compares polling, SSE, and WebSockets by that decision.
Demystify the TLS handshake—ClientHello, ServerHello, certificates, ECDHE key exchange, session keys—and why HTTPS protects confidentiality, integrity, and authenticity.
A fast primer on Cross-Origin Resource Sharing—what “origin” means, how simple vs. preflighted requests work, when to send credentials, and the exact headers that fix the dreaded CORS error.