I was very curious about the CSRF case study. It’s a bug class that had been very popular but then came the SameSite cookie attribute that’s a very effective measure against this bug class. There was only one way to find out if the SameSite attribute did kill CSRFs or...