Security From Scratch: CSRF Rotation, CSP Nonces, Session Fingerprinting, and Rate Limiting
Built by someone with an ethical hacking background, covering CSRF token rotation with 30-min/2-hr/10-min grace periods, per-request CSP nonces, session fingerprinting via a UA+Accept-Language hash, sliding-window rate limiting with atomic increments, and constant-time login failure responses.
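Of the techniques listed above, the sliding-window rate limiter with atomic increments is the one whose correctness depends most on a detail the summary does not spell out: the increment must be a single atomic operation, because a read-then-write counter lets concurrent requests all see the same count and slip past the limit together. The following Python is an added illustration, not code from the project described on this page; it assumes an in-memory counter store as a stand-in for an atomic backend such as Redis INCR, and the sliding-window-counter variant (current bucket plus a weighted share of the previous bucket), both of which are my assumptions about the design rather than something the page states.

```python
import math
import threading
import time


class AtomicCounterStore:
    """In-memory stand-in for an atomic counter backend (assumption: a real
    deployment would use something like Redis INCR with a key TTL).
    The lock makes each increment atomic across threads."""

    def __init__(self):
        self._lock = threading.Lock()
        self._counts = {}

    def incr(self, key):
        """Atomically add 1 to the counter at `key` and return the new value."""
        with self._lock:
            self._counts[key] = self._counts.get(key, 0) + 1
            return self._counts[key]

    def get(self, key):
        with self._lock:
            return self._counts.get(key, 0)


class SlidingWindowLimiter:
    """Sliding-window counter: the request count for the sliding window is
    estimated as the current fixed bucket's count plus the previous bucket's
    count weighted by how much of that bucket still overlaps the window."""

    def __init__(self, store, limit, window_seconds, clock=time.time):
        self.store = store
        self.limit = limit
        self.window = window_seconds
        self.clock = clock

    def check(self, client_id, now=None):
        """Return True if the request is allowed, False if it should get a 429.
        Every request is counted, allowed or not, so a client that keeps
        hammering the endpoint does not earn a fresh allowance any sooner."""
        now = self.clock() if now is None else now
        current_start = math.floor(now / self.window) * self.window
        prev_start = current_start - self.window
        cur_key = f"rl:{client_id}:{int(current_start)}"
        prev_key = f"rl:{client_id}:{int(prev_start)}"

        # Share of the previous bucket that still lies inside the sliding window.
        elapsed = now - current_start
        prev_weight = (self.window - elapsed) / self.window

        prev_count = self.store.get(prev_key)
        cur_count = self.store.incr(cur_key)  # the one step that must be atomic
        estimate = prev_count * prev_weight + cur_count
        return estimate <= self.limit


def demo():
    """Constructed request sequence from one client against a 5-per-minute limit."""
    limiter = SlidingWindowLimiter(AtomicCounterStore(), limit=5, window_seconds=60)
    results = []
    for t in [0, 1, 2, 3, 4, 5]:      # six requests inside the first bucket
        results.append(limiter.check("client-a", now=t))
    for t in [90, 91, 92]:            # 30 s into the next bucket
        results.append(limiter.check("client-a", now=t))
    return results  # [True x5, False, True, True, False]


if __name__ == "__main__":
    print(demo())
```

The read of the previous bucket does not need to be atomic with the increment: the previous bucket is no longer being written, and a slightly stale estimate only shifts the boundary by a fraction of a request. What cannot be relaxed is `incr` itself; with a plain `get` followed by `set`, two threads arriving together would both read 5, both write 6, and one request would go uncounted.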