Skip to content
Dashboard

Understanding CSRF attacks

Staff Developer Advocate

Understand the mechanics and risks of Cross-Site Request Forgery (CSRF) attacks, and discover crucial development practices.

Copy link to headingWhy Is CSRF Such a Big Deal?

Copy link to headingPreventing CSRF attacks

The request is deemed legitimate if it includes a CSRF token that matches the token previously issued for that user's session by the server
The request is deemed legitimate if it includes a CSRF token that matches the token previously issued for that user's session by the server

Copy link to headingSameSite Cookie Attribute

Copy link to headingCheck Referer Headers

Copy link to headingAvoid GET for State-Changing Operations

Ready to deploy?