๐ŸŽซ
Security

CSRF tokens: form security

22.02.2025
โ† All articles

CSRF โ€” performing action on site as a logged-in user.

Mechanism

Logged into bank.uz โ†’ visit hacker.com โ†’ form silently submits POST to bank.uz.

CSRF token

Hidden input with random string. Server verifies.

SameSite cookies

Set-Cookie: SameSite=Strict.

Custom header

X-CSRF-Token for AJAX.

Related articles

๐Ÿ” Password managers โ€” choosing between Bitwarden, 1Password, LastPass and KeePass ๐Ÿฏ Honeypot โ€” hidden form field that catches bots and stops spam ๐Ÿ“„ /.well-known/security.txt โ€” security contact standard ๐Ÿ“‹ GDPR Compliance โ€” obligations for protecting European citizens' data
๐ŸŒ Language
๐Ÿ‡บ๐Ÿ‡ฟ O'zbek ๐Ÿ‡บ๐Ÿ‡ฟ ะŽะทะฑะตะบ ๐Ÿ‡ท๐Ÿ‡บ ะ ัƒััะบะธะน ๐Ÿ‡ฌ๐Ÿ‡ง English โœ“