Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) image
Cross-Site Request Forgery (CSRF) is when your browser gets tricked into doing something, like submitting a form using your login, without you knowing.

It works because browsers send your cookies automatically, even if the request comes from another site. That means an attacker can abuse your login to perform actions on your behalf.

Best way to stop it?

Use CSRF tokens, set SameSite on cookies, and don’t trust requests just because the user’s logged in.
Explore MoT
QA Leadership Summit - The AI-Native Edge: Leading the Future of QA image
QALS Summer 2026: a leadership summit to move beyond AI testing pilots and build production-ready, AI-first QA organizations - powered by the BrowserStack AI Test Platform and 25+ connected AI agents
MoT Software Testing Essentials Certificate image
Boost your career in software testing with the MoT Software Testing Essentials Certificate. Learn essential skills, from basic testing techniques to advanced risk analysis, crafted by industry experts.
This Week in Quality image
Debrief the week in Quality via a community radio show hosted by Simon Tomes and members of the community
Subscribe to our newsletter