Web Security
CSRF
Cross-Site Request Forgery (CSRF) is an attack where a malicious website tricks a user's browser into sending authenticated requests to another site where the user is logged in. Because browsers automatically include cookies with cross-origin requests, an attacker can trigger state-changing actions (like fund transfers or account changes) without the user's knowledge. CSRF is mitigated using anti-CSRF tokens, the SameSite cookie attribute, and checking the Origin header. It is listed in the OWASP Top 10.
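The three mitigations named above can be shown together in a small server-side guard. The following is an added illustration, not code from this page or from any particular framework: it derives a per-session anti-CSRF token with an HMAC, rejects state-changing requests whose Origin (or, failing that, Referer) does not match the site's own origin, compares the submitted token in constant time, and emits the session cookie with SameSite=Lax. The secret, the origin https://bank.example and the request dictionaries are constructed for the example.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlsplit

# Constructed values for the example; a real deployment loads the secret from configuration.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
SITE_ORIGIN = "https://bank.example"          # assumed origin of the protected application
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Derive an anti-CSRF token bound to the user's session.

    The token is an HMAC of the session id under a server secret, so a page on
    another origin cannot compute it, and a token from one session is useless
    for another. Embed it in forms as a hidden field named csrf_token.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict) -> bool:
    """Compare the Origin header (or the Referer's origin) with the site's own origin."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False          # neither header present: refuse the state change
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def csrf_check(method: str, headers: dict, form: dict, session_id: str) -> tuple:
    """Decide whether a request may perform a state change.

    Returns (allowed, reason). Safe methods pass; unsafe methods must carry an
    acceptable Origin/Referer and a valid token in the form body.
    """
    if method.upper() not in STATE_CHANGING_METHODS:
        return True, "safe method"
    if not origin_allowed(headers):
        return False, "origin mismatch"
    submitted = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison so token validation does not leak via timing.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "bad or missing token"
    return True, "ok"


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie value with the attributes that blunt cross-site cookie sending."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    sid = secrets.token_hex(16)
    token = issue_csrf_token(sid)
    # Constructed requests: a legitimate same-origin form post and a cross-site post.
    legit = csrf_check("POST", {"Origin": SITE_ORIGIN}, {"csrf_token": token}, sid)
    forged = csrf_check("POST", {"Origin": "https://evil.example"}, {}, sid)
    print("legitimate:", legit)
    print("cross-site:", forged)
    print(session_cookie_header(sid))
```

Origin and token are checked independently so that a request failing either one is refused; SameSite=Lax on the cookie means most cross-site POSTs arrive without the session cookie at all, which is defence in depth rather than a replacement for the token.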
Why it matters for your website
- Listed in the OWASP Top 10 — one of the most critical web risks
- Can lead to data exfiltration, account takeover, or full system compromise
- Required to fix before passing security reviews for enterprise customers