Enterno.io Glossary: DNS, SSL, HTTP, Security
We explain key web infrastructure terms in plain language — with examples and links to checking tools. Updated weekly.
Security 16
503 Service Unavailable: Definition and Applications
TL;DR: 503 Service Unavailable — server temporarily cannot handle the request. Causes: maintenance, overload, downstream service unavailable (DB, Redis, upstream API). Response sho…
Read →CSRF: Definition and Applications
TL;DR: CSRF (Cross-Site Request Forgery) — attack where the adversary makes the victim's browser send a request to another site with the victim's credentials (cookies). Defence: CS…
Read →DDoS attack: Definition and Applications
TL;DR: DDoS (Distributed Denial of Service) — attack on service availability by overloading resources (CPU, bandwidth, connections). Types: SYN flood (L4), HTTP flood (L7), UDP amp…
Read →HSTS: Definition, Syntax, and Examples
TL;DR: HSTS (HTTP Strict Transport Security) is a header that forces the browser to always use HTTPS for a domain, even if the user types http:// or clicks an old http link. Config…
Read →HSTS Preload: Definition, Use Cases, and Examples
TL;DR: HSTS Preload is a domain list baked into browsers (Chrome, Firefox, Safari, Edge). All requests to preloaded domains ALWAYS use HTTPS, even on the first visit. Submit at hst…
Read →What is JWK
Key idea: JWK (JSON Web Key, RFC 7517) — a JSON representation of a cryptographic key (RSA, EC, AES). Used in OAuth 2.0 and OpenID Connect to publish public keys that signed JWTs. …
Read →What is OAuth 2.0
Key idea: OAuth 2.0 (RFC 6749) is a delegated-authorization standard: app A gains the right to act on behalf of a user in service B without receiving the user's password. Don't con…
Read →What is PKCE
Key idea: PKCE (Proof Key for Code Exchange, RFC 7636) — an OAuth 2.0 extension protecting the authorization code from theft in public clients (SPAs, mobile apps without secure sto…
Read →Rate limiting: Definition and Applications
TL;DR: Rate limiting restricts requests from one client (IP, API key) per time unit. Defence against DDoS, brute-force, abuse. Standard implementations: token bucket (nginx limit_r…
Read →What is a Refresh Token
Key idea: Refresh token — a long-lived token (weeks/months) the client uses to obtain new short-lived access tokens without re-authenticating. Typical flow: access_token lives 15 m…
Read →SRI (Subresource Integrity): Definition, Use Cases, and Examples
TL;DR: SRI (Subresource Integrity) protects against CDN compromise. In <script src="..." integrity="sha384-..."> the integrity attribute contains a hash o…
Read →WAF: Definition and Use Cases
TL;DR: WAF (Web Application Firewall) is an application-layer filter that blocks malicious HTTP requests: SQL injection, XSS, path traversal, CSRF. Popular solutions: Cloudflare, A…
Read →What is WebAuthn and Passkeys
Key idea: WebAuthn (Web Authentication) — W3C standard (2019) for passwordless authentication. Users register an "authenticator" (TouchID, Windows Hello, Yubikey security key) → lo…
Read →Webhook Signing
Key idea: Webhook signing is a mechanism where the sender adds an HMAC signature of the payload to an HTTP header, and the receiver verifies the signature with a shared secret. Wit…
Read →XSS: Definition and Applications
TL;DR: XSS (Cross-Site Scripting) — vulnerability allowing an attacker to inject JavaScript into a victim's page. Types: Stored (in DB), Reflected (via URL), DOM-based (via JS). De…
Read →What is Zero Trust
Key idea: Zero Trust is a security model that replaces the classic perimeter approach ("inside the network = trusted"). Principles: no user, device or service gets default trust; e…
Read →HTTP & APIs 12
What are CRDTs
Key idea: CRDT (Conflict-free Replicated Data Types) — a class of data structures that can be updated independently on multiple replicas and merged deterministically without confli…
Read →What is Edge Computing
Key idea: Edge Computing is a pattern where code runs on the nearest node (edge) to the user — usually in a CDN provider data center within a few hundred km of the client. Differen…
Read →What is GraphQL
Key idea: GraphQL — a query language for APIs + runtime, built by Facebook (2015). A single endpoint /graphql, clients specify which fields to return — no over-fetching / under-fet…
Read →What is gRPC
Key idea: gRPC (gRPC Remote Procedure Calls) is a high-performance open-source RPC framework from Google (2015). Uses Protocol Buffers for serialization (5-10× more compact than JS…
Read →What is Idempotency in APIs
Key idea: Idempotency is the property of an operation producing the same result whether executed once or many times. In HTTP: GET/PUT/DELETE are idempotent per RFC (a repeated requ…
Read →What is IndexedDB
Key idea: IndexedDB — a browser-built-in NoSQL database storing structured data (records, blobs, files) on the client. Async API, transactional, supports indexes, 100+ MB storage. …
Read →What is robots.txt
Key idea: robots.txt is a text file at the domain root (/robots.txt) telling search bots which URLs to crawl and which to skip. Robots Exclusion Protocol (REP, formalized in RFC 93…
Read →SLI / SLO / SLA
Key idea: SLI — a measured metric (e.g. "response time p99"). SLO — a target for the SLI (e.g. "p99 < 200ms"). SLA — a contractual commitment to customers (e.g. "99.9% uptime, othe…
Read →What is SSE
Key idea: SSE (Server-Sent Events, EventSource API) — a standard for streaming data from server to client over plain HTTP. Client opens a GET to the endpoint with Accept: text/even…
Read →What is Token Bucket
Key idea: Token Bucket — a rate-limiting algorithm where a "bucket" is filled with tokens at a constant rate (r tokens/sec). Each request consumes 1 token. If the bucket is empty →…
Read →What is a Webhook
Key idea: A webhook is a mechanism where service A issues an HTTP POST to your URL when something happens. Opposite of polling: instead of "you ask every N seconds for updates" — "…
Read →What is WebSocket
Key idea: WebSocket (RFC 6455) — a protocol on top of TCP providing full-duplex bidirectional communication between browser and server. Unlike HTTP, the connection stays open; the …
Read →DNS & Domains 6
CAA record: Definition and Use Cases
TL;DR: CAA (Certificate Authority Authorization) is a DNS record specifying which CAs may issue SSL certificates for a domain. Prevents mis-issuance. Since 2017, CAs are required t…
Read →CNAME record: Definition, Syntax, and Examples
TL;DR: CNAME (Canonical Name) is a DNS record type that turns one domain into an alias of another. For example, www.example.com (CNAME) → example.com (actual address). The browser …
Read →DNSSEC: Definition and Applications
TL;DR: DNSSEC (DNS Security Extensions) is digital signing of DNS responses preventing cache poisoning and DNS hijacking. Uses a chain of trust: root → TLD → domain. Validated via …
Read →PTR record (reverse DNS): Definition, Use Cases, and Examples
TL;DR: PTR (Pointer) is a DNS record for reverse resolution: from IP to hostname. Stored in in-addr.arpa (IPv4) or ip6.arpa (IPv6) zones. Critical for email — without correct PTR, …
Read →SRV record: Definition, Use Cases, and Examples
TL;DR: SRV (Service) is a DNS record that specifies hostname and port for a service. Used by XMPP, SIP, Minecraft, Kerberos, LDAP. Format: _service._proto.name TTL IN SRV priority …
Read →What is a TLD
Key idea: TLD (Top-Level Domain) is the rightmost part of a domain name (.com in example.com, .ru in enterno.ru). Managed by ICANN. Types: gTLD (generic — .com, .org, .net), ccTLD …
Read →Performance 5
What are Core Web Vitals
Key idea: Core Web Vitals are three user-facing metrics Google uses to measure UX and factor into ranking: LCP (Largest Contentful Paint — when the main content paints), INP (Inter…
Read →What is p99 Latency
Key idea: p99 latency — the 99th percentile of response time: the value above which 1% of requests fall. It reflects the worst-case experience for roughly 1 out of 100 users. Matte…
Read →What are React Server Components
Key idea: React Server Components (RSC) — components that render exclusively on the server with zero JS bundle on the client. Direct DB, filesystem, secrets access in the component…
Read →What are Server Actions
Key idea: Server Actions — a Next.js App Router feature (stable since Next 14, 2023): async functions on the server callable directly from React components (form or button). No nee…
Read →What is a Service Worker
Key idea: A Service Worker is a JavaScript thread running separately from the page, intercepting network requests. The foundation of Progressive Web Apps: offline cache, push notif…
Read →SSL / TLS 4
What is mTLS
Key idea: mTLS (mutual TLS) — a TLS mode where not only the server but also the client presents a certificate. The server verifies the client cert against a trusted CA list → decid…
Read →What is OCSP and OCSP Stapling
Key idea: OCSP (Online Certificate Status Protocol) verifies whether an SSL certificate is revoked. Without OCSP Stapling the browser queries the CA's OCSP server on every new TLS …
Read →SNI: Definition, Use Cases, and Examples
TL;DR: SNI (Server Name Indication) is a TLS extension that lets the client specify a hostname at the start of the TLS handshake. Without SNI, a single IP could not serve multiple …
Read →TLS 1.3: Definition and Use Cases
TL;DR: TLS 1.3 is the 5th version of TLS (RFC 8446, 2018). 1-RTT handshake (faster than TLS 1.2 — 2 RTT), mandatory forward secrecy, weak ciphers removed (CBC mode, RC4). Productio…
Read →IP & Network 3
CDN: Definition and Use Cases
TL;DR: CDN (Content Delivery Network) is a distributed network of edge servers caching static content closer to users. Reduces latency, offloads the origin, protects from DDoS. Pop…
Read →IPv6: Definition, Use Cases, and Examples
TL;DR: IPv6 is the 6th version of the Internet Protocol. Address is 128 bits (2001:db8::1) instead of 32 bits in IPv4. Solves address exhaustion. In DNS it uses the AAAA record. Su…
Read →NTP: Definition, Use Cases, and Examples
TL;DR: NTP (Network Time Protocol) synchronises time across networks. UDP port 123. Stratum 0 (atomic clocks) → Stratum 1 (public NTP servers) → downstream. Critical for TLS certs,…
Read →Other 22
Load balancer: Definition and Applications
TL;DR: Load balancer distributes incoming traffic across backend servers. Layers: L4 (TCP/UDP by IP:port) and L7 (HTTP with URL/header/cookie routing). Algorithms: round-robin, lea…
Read →MIME type: Definition and Use Cases
TL;DR: MIME type (Media Type) is a content format declared via Content-Type header. Examples: text/html, application/json, image/jpeg. Determines how the browser processes the resp…
Read →Reverse proxy: Definition and Applications
TL;DR: Reverse proxy is a proxy server that sits in front of backend servers and handles incoming client requests. Typical duties: SSL termination, load balancing, caching, compres…
Read →Anycast: Definition and Applications
TL;DR: Anycast is a routing method where one IP address is served by multiple servers in different geographic locations. BGP chooses the nearest (by network metrics) for each clien…
Read →PoP (Point of Presence): Definition and Applications
TL;DR: PoP (Point of Presence) is a physical provider or CDN presence in a geographic region. CDN with 300+ PoPs delivers low latency globally: the client connects to the nearest P…
Read →BGP: Definition, Use Cases, and Examples
TL;DR: BGP (Border Gateway Protocol) routes traffic between autonomous systems (ASN) on the internet. Each major ISP advertises which IP prefixes it serves. BGP hijacking is an att…
Read →CORS: Definition, Syntax, and Examples
TL;DR: CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls requests from one domain to another. The server uses Access-Control-Allow-Origin header to…
Read →CORS preflight: Definition, Use Cases, and Examples
TL;DR: CORS preflight is an OPTIONS request that the browser sends before a "complex" cross-origin request (non-standard headers, PUT/DELETE methods). The server must res…
Read →CSP: Definition, Syntax, and Examples
TL;DR: CSP (Content Security Policy) is an HTTP header that defends against XSS. It declares an allowlist of script, style, image and font sources. Modern CSP uses nonce for inline…
Read →DKIM: Definition and Use Cases
TL;DR: DKIM (DomainKeys Identified Mail) is a cryptographic signature added to email by the sender. The public key is published in DNS (selector._domainkey.example.com); the privat…
Read →What is DMARC
Key idea: DMARC (Domain-based Message Authentication, Reporting and Conformance) is a policy telling mail servers what to do with messages that fail SPF or DKIM. Published as a _dm…
Read →HTTP/2: Definition and Use Cases
TL;DR: HTTP/2 is the 2nd version of HTTP featuring multiplexing (one TCP connection for many requests), header compression (HPACK), server push. Based on Google's SPDY. Supported b…
Read →HTTP/3: Definition and Use Cases
TL;DR: HTTP/3 is the 3rd version of HTTP, running over QUIC (UDP). Solves HTTP/2's head-of-line blocking problem. Faster recovery after packet loss, better for mobile. Supported by…
Read →IndexNow: Definition and Use Cases
TL;DR: IndexNow is a protocol (Bing + Yandex) for sites to notify search engines of URL updates. POST to api.indexnow.org with URL + key. Reindexing in minutes instead of hours. Su…
Read →sitemap.xml: Definition and Use Cases
TL;DR: sitemap.xml is an XML file listing every canonical URL for search engines. Contains loc, lastmod, changefreq, priority. Limit: 50,000 URLs / 50 MB per file. For large sites …
Read →JWT: Definition and Use Cases
TL;DR: JWT (JSON Web Token) is a compact cryptographic token consisting of three base64 parts separated by dots: header.payload.signature. It contains claims (user_id, roles, exp) …
Read →MTU: Definition, Use Cases, and Examples
TL;DR: MTU (Maximum Transmission Unit) is the maximum packet size that can be sent without fragmentation. Ethernet standard is 1500 bytes, PPPoE is 1492, VPN is usually 1400-1500. …
Read →MX record: Definition, Syntax, and Examples
TL;DR: MX (Mail Exchange) is a DNS record type that specifies mail servers for a domain. It contains a priority (lower number = higher priority) and the hostname of a mail server. …
Read →nginx vs Apache: Definition and Use Cases
TL;DR: nginx and Apache are the two top web servers. nginx — event-driven, async, faster for static and reverse proxy, lower RAM. Apache — process-per-request, flexible via .htacce…
Read →Redirect chain: Definition and Use Cases
TL;DR: Redirect chain is a sequence of 301/302 redirects for a single URL. Example: http://example.com → https://example.com → https://www.example.com → https://www.example.com/. L…
Read →SPF: Definition and Use Cases
TL;DR: SPF (Sender Policy Framework) is a DNS TXT record where the domain owner declares which IPs are allowed to send email on their behalf. Example: "v=spf1 include:_spf.goo…
Read →TTL: Definition and Use Cases
TL;DR: TTL (Time to Live) in DNS is the number of seconds resolvers cache a DNS record before querying again. Typical values: 300 (5 min — for frequently changing records), 3600 (1…
Read →