CSRF (Cross-Site Request Forgery) is an attack that impersonates a trusted user and sends a website unwanted commands. This can be done, for example, by including malicious parameters in a URL behind a link that purports to go somewhere else:

```html
<img src="https://www.example.com/index.php?action=delete&id=123">
```

For users who have some permissions on https://www.example.com, the `<img>` element will execute the action on https://www.example.com without their noticing, even if the element is not hosted at https://www.example.com.

There are many ways to prevent CSRF, such as implementing a RESTful API, adding a secure token, etc.

Learn more

General knowledge: Cross-site request forgery on Wikipedia
Prevention measures: MDN security tutorial

Credits
Source: https://developer.mozilla.org/en-US/docs/Glossary/CSRF
Published under license Open CC Attribution ShareAlike 3.0