Fix issue 37154: samesite description (#37189)
* Fix issue 37154: samesite description

* Update files/en-us/web/security/practical_implementation_guides/cookies/index.md

Co-authored-by: Hamish Willee <hamishwillee@gmail.com>

---------

Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
wbamberg and hamishwillee authored Dec 13, 2024
1 parent c73ba3b commit 58e3ead
Showing 1 changed file with 1 addition and 1 deletion.
@@ -37,7 +37,7 @@ To minimize the scope for cookie vulnerabilities on your site, limit access to c

- : Forbid sending cookies via cross-origin requests (for example from {{htmlelement("img")}} elements) using `SameSite`. You should use one of the following two values:

- `SameSite=Strict`: Only send the cookie in same-site contexts (navigations and other requests). Cookies are omitted in same-origin contexts (e.g. navigating `a.example.com` to `b.example.com`), cross-site requests (e.g. hotlinking), and cross-site navigation (e.g. when following a link from a different web page). This is a very strict setting, but it does provide strong [CSRF](/en-US/docs/Web/Security/Practical_implementation_guides/CSRF_prevention) protection, so use this value if possible.
- `SameSite=Strict`: Only send the cookie in same-site contexts (navigations and other requests). Cookies are omitted in cross-site requests (e.g. embedding images or other resources from other sites) and cross-site navigation (e.g. when following a link from a different web page). This is a very strict setting, but it does provide strong [CSRF](/en-US/docs/Web/Security/Practical_implementation_guides/CSRF_prevention) protection, so use this value if possible.
- `SameSite=Lax`: Send the cookie in same-site requests and when navigating _to_ your website. This should be used if `Strict` is too restrictive.

Both of the above values are useful in protecting against [Clickjacking](/en-US/docs/Glossary/Clickjacking) attacks in cases that rely on the user being authenticated.
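Review bot: the replacement line for `SameSite=Strict` correctly drops the same-origin example (navigating `a.example.com` to `b.example.com` is same-site, so `Strict` does send the cookie there, contrary to what the removed text claimed), but the new wording still never says where the site boundary lies, and that origin-versus-site confusion is what issue 37154 was about; consider adding one clause to the new line, e.g. "(the cookie is still sent on same-site requests between subdomains such as `a.example.com` and `b.example.com`)", so the boundary is explicit. The unchanged `SameSite=Lax` line ("when navigating _to_ your website") could similarly say that these are top-level navigations, which is the distinction from the embedded-resource case the rewritten `Strict` line now describes.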

0 comments on commit 58e3ead