Sequenced Path
Cookie Security
A focused series on securing HTTP cookies — covering the HttpOnly and SameSite attributes and their role in defending against XSS and CSRF attacks.
Built for: Readers who want a sequential path through one topic from start to finish.
What you should get from this path
- Follow the material in a deliberate order.
- Build understanding progressively instead of jumping between isolated references.
Follow in order
Move through these entries in sequence for the clearest progression.
HttpOnly Cookie Attribute: XSS Protection
Learn how the HttpOnly cookie attribute protects against XSS attacks by preventing JavaScript access to sensitive cookies.
Part 1 · beginner in this sequenced learning path.
SameSite Cookie Attribute: CSRF Protection
Learn how the SameSite cookie attribute prevents CSRF attacks, the differences between Strict, Lax, and None, and when to use each.
Part 2 · intermediate in this sequenced learning path.