Security
What is CSRF?
Cross-Site Request Forgery — an attack that tricks users into performing unwanted actions.
Definition
CSRF (Cross-Site Request Forgery) is an attack in which a malicious website tricks a user's browser into making an unintended request to another site where the user is authenticated. Because browsers automatically attach cookies to requests, the forged request appears legitimate to the target site. Defenses include CSRF tokens (unique per session or per request), the SameSite cookie attribute, verifying the Origin/Referer headers, and requiring re-authentication for sensitive actions.
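The defenses listed above, as an added example (not code from the original page): a minimal server-side check in Python that combines a per-session token, an Origin/Referer check that fails closed, and a SameSite=Lax session cookie. `APP_ORIGIN`, the function names and the dict-shaped request are assumptions for this illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# The application's own origin (constructed placeholder for this example).
APP_ORIGIN = "https://app.example"

def issue_csrf_token(session: dict) -> str:
    # Per-session token: stored server-side and embedded in the app's own forms
    # as a hidden field. A cross-site page cannot read it, so it cannot supply it.
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token

def _header(headers: dict, name: str):
    # Case-insensitive header lookup.
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None

def origin_allowed(headers: dict) -> bool:
    # Accept only requests whose Origin (or, as a fallback, Referer) is ours.
    # A request carrying neither header is rejected: fail closed.
    origin = _header(headers, "Origin")
    if origin is None:
        referer = _header(headers, "Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == APP_ORIGIN

def request_is_legitimate(session: dict, headers: dict, form: dict) -> bool:
    # Defence in depth for a state-changing request: the submitted token must
    # match the session's token (constant-time compare) AND the origin must be ours.
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False
    if not hmac.compare_digest(expected.encode(), str(submitted).encode()):
        return False
    return origin_allowed(headers)

def session_cookie_header(session_id: str) -> str:
    # SameSite=Lax stops the browser attaching the cookie to cross-site POSTs,
    # removing the "cookies are sent automatically" precondition for CSRF.
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

A forged cross-site POST still carries the session cookie (absent SameSite), but it has no token and a foreign Origin, so `request_is_legitimate` rejects it on both counts.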