Tag

Notes tagged “csp”

Every note filed under csp, newest first.

A filtered view of the notes.

2026

  1. The Header That Can't Be Cached

    Cache-Control from first principles — and why a page carrying a CSP nonce must be told never to be stored, not merely "don't cache."

  2. Trust No Script

    Why a strict Content Security Policy is one of the hardest headers to deploy — and how to read a real one with Google's CSP Evaluator.

  3. Can I Use This Library?

    A strict CSP quietly turns every dependency into a security decision. Here is the tree I walk to make it — per library, and across a whole app.

Type to search · ↑↓ to move · ↵ to open · Esc to close