Tag
Notes tagged “web”
Every note filed under web, newest first.
A filtered view of the notes.
2026
- The Header That Can't Be Cached
Cache-Control from first principles — and why a page carrying a CSP nonce must be told never to be stored, not merely "don't cache."
- Trust No Script
Why a strict Content Security Policy is one of the hardest headers to deploy — and how to read a real one with Google's CSP Evaluator.
- Can I Use This Library?
A strict CSP quietly turns every dependency into a security decision. Here is the tree I walk to make it — per library, and across a whole app.
- Scaffolding a Typographic Portfolio Site
The design philosophy behind this site — why it's built from durable tools and a purposeful type system instead of a framework, and why every choice is aimed at lasting.