Skip to content

Krishna's Tech Blog

All Posts Learning Certifications Notices

Krishna's Tech Blog

Practical engineering knowledge from years of building real systems.

232 articles · 1,340 flashcards · 67 decks

Content

All Articles
Salesforce
AWS
Search

Learning

Flashcards
Quizzes
Certifications
Reading List

More

Notices
Glossary
Site Stats
RSS Feed

© 2026 Krishna's Tech Blog. Built with Next.js.Site Stats·RSS

←All articles

Security13 min read

Content Security Policy: The HTTP Header That Stops Most XSS

Cross-site scripting has been the most common web vulnerability for 25 years. Most attempts to stop it (sanitization, escaping, validation) work most of the time and fail in the cases that matter. Content Security Policy is the browser-level defense that says 'only run scripts I authorized' -- and when it's deployed correctly, it stops virtually every XSS attack. Most teams don't deploy it correctly.

KP

Krishna Patil

August 18, 2025

Share

#security#csp#xss#browser#web

SeriesPart 169 of 172

Engineering Craft

TypeScript, CI/CD, databases, observability -- the skills that make code production-ready.

Previous

The Heap Data Structure: The Priority Queue That's Everywhere

Next

File Locking on Linux: flock, fcntl, and the Lock You Thought You Had

More in Security

TOCTOU Race Conditions: When Checking Isn't the Same as Doing

12 min read

TLS Handshake Explained: What Every Engineer Should Actually Know

13 min read

Threat Modeling for Engineers: STRIDE in Practice

12 min read

Study This Topic

AWS Cognito & Authentication

20 cards · intermediate

AWS IAM & Security

20 cards · intermediate

Salesforce Security Model

20 cards · intermediate

Older

Container Orchestration Beyond Kubernetes: Nomad, ECS, and When K8s Is Overkill

Newer

Continuous Delivery vs Continuous Deployment: The Distinction That Matters