Content Security Policy Explained: How to Stop XSS with HTTP Headers
A Content Security Policy is the most effective browser-level defence against cross-site scripting attacks. Here's how CSP works, what the directives mean, and how to build one without breaking your site.
CSV Files Explained: Delimiters, Quoting Rules, and Encoding Pitfalls
CSV is the most universal data exchange format — and the most inconsistently implemented. Here's the complete guide to how CSV actually works, why it breaks, and how to handle edge cases correctly.
How VPNs Actually Work: Tunnels, Encryption, and What They Don't Protect Against
VPNs are heavily marketed but poorly understood. Here's what a VPN actually does to your traffic, what it genuinely protects against, and the common privacy myths that won't hold up to scrutiny.
JSON Schema Explained: How to Validate Your Data Structure
JSON Schema lets you define exactly what valid JSON looks like — types, required fields, allowed values, and nested structures. Here's how to write schemas that actually catch real errors.
Two-Factor Authentication Explained: TOTP, SMS, and Hardware Keys Compared
2FA adds a second verification step to logins — but not all 2FA methods are equally secure. Here's how TOTP authenticator apps work technically, and why SMS 2FA is weaker than most people think.
How PDFs Actually Work: Structure, Fonts, and Why They're So Difficult to Edit
PDF is the most universal document format — and one of the most misunderstood. Understanding its structure explains why editing PDFs is hard, why fonts go missing, and how tools like compression and redaction actually work.
HEX, RGB, HSL, and OKLCH: Which Color Format Should You Use in CSS?
CSS supports six color formats. Most developers use HEX by default, but HSL and OKLCH are far more useful for design systems and dynamic theming. Here's how each format works and when to reach for which.
URL Encoding Explained: Why %20 Means Space and How Percent Encoding Works
URLs can only contain a specific set of characters. Everything else must be percent-encoded. Understanding the rules prevents hard-to-debug bugs in APIs, redirect chains, and query string handling.
Cookies vs localStorage vs sessionStorage: When to Use Each
All three store data in the browser, but they have fundamentally different security properties, persistence behaviour, and use cases. Using the wrong one is one of the most common security mistakes in web development.
Calorie Deficit, BMR, and Macros: How to Calculate Your Actual Daily Needs
Most calorie calculators give you a number with no explanation. Here's the actual science behind BMR, TDEE, deficit targets, and macro splits — so you understand why the numbers are what they are.
Markdown Cheat Sheet: The Complete Syntax Reference with Examples
Markdown is the default format for READMEs, documentation, and static site generators. This is the complete reference — from basic formatting to tables, task lists, and footnotes.
How DNS Works: The Internet's Phone Book Explained Step by Step
Every time you type a URL, DNS translates it into an IP address. Understanding the full lookup chain — and the types of DNS records — demystifies a huge amount of networking, debugging, and security.
JPEG, PNG, WebP, and AVIF: Which Image Format Should You Use?
Choosing the wrong image format is one of the most common performance mistakes on the web. Here's a practical guide to what each format does well, when to use each, and how compression actually works.
HTTP Status Codes Explained: Every Code You'll Actually Encounter
200, 301, 404, 500 — most developers know these four. But what about 429, 307, 422, or 503? Here's a practical guide to every status code you'll encounter in the real world.
Compound Interest Explained: The Maths Behind Long-Term Wealth Building
Compound interest is the most powerful force in personal finance — and the most misunderstood. Here's exactly how it works, why the frequency matters, and how to calculate it yourself.
Unix Timestamps Explained: Why Computers Count Seconds from January 1, 1970
Nearly every programming language, database, and API represents time as a Unix timestamp. Here's where that number comes from, what problems it solves, and how to work with it reliably.
CSS Custom Properties: How to Use Variables for Consistent, Maintainable Design
CSS custom properties (variables) eliminate magic values and make theming, dark mode, and responsive design dramatically simpler. Here's how to use them properly and where they differ from preprocessor variables.
How QR Codes Work: Encoding, Error Correction, and What's Inside the Pattern
QR codes look like random noise, but every pixel follows strict rules. Understanding the structure reveals why they can be damaged, decorated, and still scan correctly.
MD5, SHA-256, and Bcrypt: Which Hash Function Should You Use?
Not all hash functions are created equal. MD5 is broken, SHA-256 is fast, and bcrypt is deliberately slow — and each property matters for a different use case. Here's when to use which.
Base64 Encoding Explained: What It Is, Why It Exists, and When to Use It
Base64 is everywhere — in JWTs, email attachments, data URIs, and API keys. But most developers don't know why it exists or when they should actually use it. Here's the complete picture.
Browser Fingerprinting Explained: What Sites See and How to Check Yours
Browser fingerprinting tracks you across the web without cookies — using your browser version, screen size, fonts, and hardware. Here's exactly how it works and what you can do about it.
How to Generate a Truly Strong Password (Without a Password Manager)
Most password advice is outdated or wrong. Here's what actually makes a password strong in 2026, how attackers crack weak ones, and how to generate uncrackable passwords right in your browser.
Understanding CSS Units: px, rem, em, vw — When to Use Each
CSS has over a dozen length units, and the wrong choice causes layout bugs, accessibility failures, and maintenance headaches. Here's a clear mental model for picking the right unit every time.
Convert WebP to JPG Without Losing Quality (No Software Needed)
WebP images from Chrome screenshots, Google downloads, and modern CMSes often need to be converted to JPG for compatibility. Here's how to do it instantly in your browser with no quality loss.
How to Calculate BMI: Formula, Limitations, and What It Actually Means
BMI is one of the most widely cited health metrics — and one of the most misunderstood. Here's the formula, what the categories mean, and where BMI falls short as an individual health indicator.
JSON vs YAML: When to Use Each and How to Convert Between Them
JSON and YAML describe the same data structures but make different trade-offs on readability, strictness, and tooling. Here's when to reach for each one — and how to convert between them in seconds.
Regex Cheat Sheet: 20 Patterns Every Developer Uses
Regular expressions are one of the most powerful tools in a developer's toolkit — and one of the most misunderstood. Here are the 20 patterns you'll reach for over and over, with plain-English explanations.
JWT Tokens Explained: How to Decode and Read Them Without Code
JSON Web Tokens appear in every modern auth flow, but few developers know what's actually inside them. Learn how JWTs are structured, what each part means, and how to read them instantly in your browser.