Sketching a threat model and concrete examples of mitigation.
https://w3c.github.io/webappsec-post-spectre-webdev/