Edit based on feedback iliakan

This commit is contained in:
Raphael Tholl 2021-01-02 18:57:18 +01:00 committed by GitHub
parent 0427ecb14a
commit 03b6d86272
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -200,7 +200,7 @@ The browser sends cookies every time you visit the site `bank.com`, even if the
That's a so-called "Cross-Site Request Forgery" (in short, XSRF) attack.
Real banks are protected from it of course. All forms generated by `bank.com` have a special field, a so-called "XSRF protection token", that an evil page can't generate or extract from a remote page. It can submit a form there, but can't get the data back. Additionally, the site `bank.com` checks for such token in every form it receives.
Real banks are protected from it of course. All forms generated by `bank.com` have a special field, a so-called "XSRF protection token", that an evil page can't generate or extract from a remote page. It can submit a form there, but can't get the data back. The site `bank.com` checks for such token in every form it receives.
Such a protection takes time to implement though. We need to ensure that every form has the required token field, and we must also check all requests.
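Review bot: the edited sentence still has a grammar slip, "checks for such token" should read "checks for such a token", so while this line is being touched it is worth fixing: "The site `bank.com` checks for such a token in every form it receives." Dropping "Additionally" is the right call, since the server-side check is the actual protection rather than an extra step; the preceding sentence could make that explicit by noting that the token is only effective because it is unpredictable and verified on the server, which is what stops a page on another origin from forging a valid form.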
@ -241,7 +241,7 @@ A `samesite=lax` cookie is sent if both of these conditions are true:
That's usually true, but if the navigation is performed in an `<iframe>`, then it's not top-level. Also, JavaScript methods for network requests do not perform any navigation, hence they don't fit.
So, what `samesite=lax` does, is to basically allow a most common "go to URL" operation to have cookies. E.g. opening a website link from notes that satisfy these conditions.
So, what `samesite=lax` does, is to basically allow the most common "go to URL" operation to have cookies. E.g. opening a website link from notes that satisfy these conditions.
But anything more complicated, like a network request from another site or a form submission, loses cookies.
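Review bot: the article change ("a most common" to "the most common") is correct, but the example clause that follows is still unclear: "E.g. opening a website link from notes that satisfy these conditions" reads as if the notes satisfy the conditions, when it is the navigation that does. Suggest rewording to something like "E.g. following a link to the site from a notes app, which is a top-level GET navigation that satisfies these conditions." That also ties the example back to the two conditions listed above the hunk, so the contrast with the final line (network requests and form submissions lose cookies) is easier to follow.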