
Consider changing the example on the Introduction page

Open arturjanc opened this issue 3 years ago • 2 comments

The XS-Leak described in the main example has the drawback of requiring cookies to be present on cross-site resource loads, and at this point both Safari and Chrome don't attach cookies by default.

It could be nice to use an example that works by default in most browsers, but I'm not sure what that could be, because we still want it to be simple and illustrative. Maybe something with a popup?

arturjanc, Nov 29 '20 13:11

Good point. We wanted to have as simple an example as possible; the popup will increase the complexity significantly. The other example could be Cache-Probing, but I feel that this is also too complex for the introduction section.

I will try to think of a universal example, but I am leaning more towards adding a footnote about same-site lax by default.

terjanq, Nov 29 '20 13:11

I think a footnote could be a good compromise here, and it has the benefit of not requiring substantial changes.

If we do this, it may also be nice to mention Safari because they take a different approach but still protect from this specific attack, which is nice.

arturjanc, Nov 29 '20 13:11