We just recently (read, today) implemented SameSite cookies to prevent CSRF attacks. The thing is, while there's a decent amount of information online about the benefits of them, I can't find any other sites that implement them. Not even any of the big ones I would suspect were spearheading something like this, such as Facebook or Google. Didn't this begin as a Chrome project? Is there a reason why they're not in use?