
What is CSRF (Cross-Site Request Forgery)?

Definition

CSRF is a web attack in which an attacker-controlled page causes the victim's browser to send a state-changing request (for example, by auto-submitting a hidden form) to a site where the victim is already logged in. Because the browser automatically attaches that site's session cookie, the server cannot tell the forged request from one the user intended. For example, an attacker's page could submit a form that transfers money out of the victim's bank account.

Why It Matters

CSRF exploits the server's trust in credentials the browser sends automatically, chiefly session cookies (HTTP Basic and client-certificate authentication behave the same way). The standard defences are anti-CSRF tokens (unguessable, bound to the session or to the individual request, and transmitted in a form field or custom header rather than a cookie, so a cross-site page cannot supply them), the SameSite cookie attribute (Lax or Strict), and validating the Origin header, falling back to Referer, on every state-changing request. Most major server-side frameworks ship CSRF protection, but it usually has to be enabled and applied to every state-changing endpoint, and state changes must never be performed in response to GET. Note that SameSite=Lax, which Chromium applies to cookies with no explicit attribute, still sends cookies on top-level GET navigations, so it complements rather than replaces token checks.
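The checks above, combined in one server-side gate, as an added example that is not code from the original page or from any particular framework. The site origin `https://bank.example`, the in-memory `SESSIONS` store and the three sample requests are all constructed for illustration; a real application would use its framework's session and request objects instead.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical site origin and in-memory session store (both constructed for this example).
ALLOWED_ORIGINS = {"https://bank.example"}
SESSIONS = {}  # session_id -> {"user": ..., "csrf": token}

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def login(session_id, user):
    """Start a session and mint a per-session synchronizer token (256 random bits)."""
    SESSIONS[session_id] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return SESSIONS[session_id]["csrf"]


def _request_origin(headers):
    """Origin header if present, else scheme://host of the Referer, else None."""
    origin = headers.get("Origin")
    if origin is None and headers.get("Referer"):
        parts = urlsplit(headers["Referer"])
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin


def check_csrf(request):
    """Decide whether a state-changing request may proceed.

    `request` is a plain dict {"method", "headers", "cookies", "form"} standing in
    for a framework request object. Returns (allowed, reason).
    """
    if request["method"] in SAFE_METHODS:
        return True, "safe method"  # only sound if GET never changes state

    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return False, "no authenticated session"

    # 1. Synchronizer token: must arrive in a form field or custom header. A cross-site
    #    form cannot read or supply it; the browser only attaches cookies automatically.
    presented = request["form"].get("csrf_token") or request["headers"].get("X-CSRF-Token")
    if not presented or not hmac.compare_digest(presented.encode(), session["csrf"].encode()):
        return False, "missing or invalid CSRF token"

    # 2. Origin/Referer check as a second layer; if neither header is present, fail closed.
    origin = _request_origin(request["headers"])
    if origin not in ALLOWED_ORIGINS:
        return False, f"unexpected origin {origin!r}"

    return True, "ok"


def run_demo():
    """Constructed traffic: one legitimate transfer and two forged attempts."""
    token = login("sess-1", "alice")
    cookies = {"session": "sess-1"}  # the browser sends this on every request to the bank

    legitimate = {
        "method": "POST",
        "headers": {"Origin": "https://bank.example"},
        "cookies": cookies,
        "form": {"to": "bob", "amount": "10", "csrf_token": token},
    }
    # Auto-submitted form on the attacker's page: the cookie rides along, the token does not.
    forged = {
        "method": "POST",
        "headers": {"Origin": "https://evil.example"},
        "cookies": cookies,
        "form": {"to": "mallory", "amount": "10000"},
    }
    # Token somehow present but the request comes from another site: the origin check catches it.
    wrong_origin = {
        "method": "POST",
        "headers": {"Referer": "https://evil.example/page.html"},
        "cookies": cookies,
        "form": {"to": "mallory", "amount": "10000", "csrf_token": token},
    }
    return {
        "legitimate": check_csrf(legitimate),
        "forged": check_csrf(forged),
        "wrong_origin": check_csrf(wrong_origin),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in run_demo().items():
        print(f"{name:13} allowed={allowed} ({reason})")
```

The token comparison uses `hmac.compare_digest` so the check does not leak timing information, and the origin check fails closed when both Origin and Referer are missing; if a deployment must tolerate privacy proxies that strip Referer, relax that second rule deliberately rather than by default, since the token remains the primary control.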
