by creepydata 3327 days ago
How is something like "Use CSP without allowing unsafe-* backdoors" in any way educational? If I'm a newbie web developer, even coming over from embedded systems, how do I know what CSP is? What do I use CSP for? How do I start with CSP? What do I do to configure CSP? What does CSP even stand for? I don't know, it wasn't even defined!

Basically, this is a useless listicle. If you know anything about web security you get nothing from it and if you don't know anything about web security you still get nothing from it.

2 comments

You are right: the checklist is not for education. If you don't know how to implement one of those items, you need to go learn. The checklist itself is still valuable, even to a seasoned security developer.

A checklist will not teach a pilot how to fly and land a plane, but its value is not zero.

I don't need to get started and I don't need that link; I, personally, know how to develop secure webapps. I am criticizing your listicle for being useless because it is. Your "educational" resource is not educational for anyone.