Tiny explainers grouped by topic. Spend less time Googling, more time building.
Practical, modern defaults for CSP, HSTS, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP, X-Content-Type-Options, X-Frame-Options vs frame-ancestors, cookies, and cache controls—with NGINX/Apache/Express snippets.
Real-world settings and copy‑paste snippets for circuit breakers (closed/open/half‑open) and bulkheads (bounded concurrency/queues). Works with HTTP, gRPC, and message calls.
Freshness, validators, and directives: Cache-Control, ETag/Last-Modified, Vary, s-maxage, stale-while-revalidate, immutable. Patterns for APIs, HTML, and assets—plus CDN tips.
Design request deadlines, hop timeouts, and idempotent retries with jitter so you protect upstreams, tame tail latency, and avoid cascading failures.
Status codes you should actually use, consistent error shapes (Problem Details, JSend), and production‑ready logging/observability—so clients get clear signals and you get actionable telemetry.
A concise, modern walkthrough of the path from address bar to pixels: DNS lookup, HTTP/3 & TLS 1.3 handshakes, CDNs & caching, request/response, and the rendering pipeline.
A practical comparison of three ways to push updates from server to browser. Learn how each works, trade‑offs, code snippets, scaling notes, and a quick decision guide.
Demystify the TLS handshake—ClientHello, ServerHello, certificates, ECDHE key exchange, session keys—and why HTTPS protects confidentiality, integrity, and authenticity.
A fast primer on Cross-Origin Resource Sharing—what “origin” means, how simple vs. preflighted requests work, when to send credentials, and the exact headers that fix the dreaded CORS error.