{"id":28539,"date":"2018-05-04T09:09:29","date_gmt":"2018-05-04T07:09:29","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=28539"},"modified":"2018-05-04T09:09:29","modified_gmt":"2018-05-04T07:09:29","slug":"cross-site-request-forgery-csrf-prevention-cheat-sheet","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/","title":{"rendered":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p>&#8220;<a href=\"https:\/\/www.owasp.org\/index.php\/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet\">Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet<\/a>&#8221; is a list of general recommendations and specific techniques to protect web applications against the <a href=\"https:\/\/www.owasp.org\/index.php\/Cross-Site_Request_Forgery_(CSRF)\">CSRF<\/a> attacks.\u00a0 That is, before the <a href=\"https:\/\/mamchenkov.net\/wordpress\/2017\/08\/29\/the-end-of-csrf\/\">CSRF attacks will become obsolete<\/a>.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>&#8220;Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet&#8221; is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks.\u00a0 That is, before the CSRF attacks will become obsolete.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet #WebDev #security #browsers","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_links_to":"","_links_to_target":""},"categories":[1,18,62,1334],"tags":[3069,20,200,1330],"keyring_services":[],"class_list":["post-28539","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-technology","category-web-work","tag-best-practices","tag-browsers","tag-security","tag-web-development"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"&quot;Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet&quot; is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks. That is, before the CSRF attacks will become obsolete.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Leonid Mamchenkov\"\/>\n\t<meta name=\"google-site-verification\" content=\"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Leonid Mamchenkov - Life, universe, and everything else\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov\" \/>\n\t\t<meta property=\"og:description\" content=\"&quot;Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet&quot; is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks. That is, before the CSRF attacks will become obsolete.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2018-05-04T07:09:29+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2018-05-04T07:09:29+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MamchenkovBlog\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov\" \/>\n\t\t<meta name=\"twitter:description\" content=\"&quot;Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet&quot; is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks. That is, before the CSRF attacks will become obsolete.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#blogposting\",\"name\":\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov\",\"headline\":\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet\",\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#articleImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"},\"datePublished\":\"2018-05-04T09:09:29+02:00\",\"dateModified\":\"2018-05-04T09:09:29+02:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#webpage\"},\"articleSection\":\"All, Programming, Technology, Web work, best practices, browsers, security, web development\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"name\":\"Programming\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"position\":3,\"name\":\"Programming\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#listItem\",\"name\":\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#listItem\",\"position\":4,\"name\":\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/programming\\\/#listItem\",\"name\":\"Programming\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#personImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#webpage\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/\",\"name\":\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov\",\"description\":\"\\\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet\\\" is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks. That is, before the CSRF attacks will become obsolete.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2018\\\/05\\\/04\\\/cross-site-request-forgery-csrf-prevention-cheat-sheet\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"datePublished\":\"2018-05-04T09:09:29+02:00\",\"dateModified\":\"2018-05-04T09:09:29+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/\",\"name\":\"Blog of Leonid Mamchenkov\",\"description\":\"Life, universe, and everything else\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov","description":"\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet\" is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks. That is, before the CSRF attacks will become obsolete.","canonical_url":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"google-site-verification":"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ","miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#blogposting","name":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov","headline":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet","author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"},"image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#articleImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"},"datePublished":"2018-05-04T09:09:29+02:00","dateModified":"2018-05-04T09:09:29+02:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#webpage"},"isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#webpage"},"articleSection":"All, Programming, Technology, Web work, best practices, browsers, security, web development"},{"@type":"BreadcrumbList","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","position":1,"name":"Home","item":"https:\/\/mamchenkov.net\/wordpress","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","position":2,"name":"Technology","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","name":"Programming"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","position":3,"name":"Programming","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#listItem","name":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#listItem","position":4,"name":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet","previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/#listItem","name":"Programming"}}]},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/#person","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#personImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author","url":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"WebPage","@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#webpage","url":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/","name":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov","description":"\"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet\" is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks. That is, before the CSRF attacks will become obsolete.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#website"},"breadcrumb":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/#breadcrumblist"},"author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"creator":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"datePublished":"2018-05-04T09:09:29+02:00","dateModified":"2018-05-04T09:09:29+02:00"},{"@type":"WebSite","@id":"https:\/\/mamchenkov.net\/wordpress\/#website","url":"https:\/\/mamchenkov.net\/wordpress\/","name":"Blog of Leonid Mamchenkov","description":"Life, universe, and everything else","inLanguage":"en-US","publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"}}]},"og:locale":"en_US","og:site_name":"Leonid Mamchenkov - Life, universe, and everything else","og:type":"article","og:title":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov","og:description":"&quot;Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet&quot; is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks. That is, before the CSRF attacks will become obsolete.","og:url":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/","og:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:secure_url":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:width":1024,"og:image:height":1024,"article:published_time":"2018-05-04T07:09:29+00:00","article:modified_time":"2018-05-04T07:09:29+00:00","article:publisher":"https:\/\/www.facebook.com\/MamchenkovBlog","twitter:card":"summary_large_image","twitter:site":"@mamchenkov","twitter:title":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - Leonid Mamchenkov","twitter:description":"&quot;Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet&quot; is a list of general recommendations and specific techniques to protect web applications against the CSRF attacks. That is, before the CSRF attacks will become obsolete.","twitter:creator":"@mamchenkov","twitter:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg"},"aioseo_meta_data":{"post_id":"28539","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2023-07-20 05:18:39","updated":"2026-01-15 13:38:44","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/\" title=\"Technology\">Technology<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/\" title=\"Programming\">Programming<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tCross-Site Request Forgery (CSRF) Prevention Cheat Sheet\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/mamchenkov.net\/wordpress"},{"label":"Technology","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/"},{"label":"Programming","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/programming\/"},{"label":"Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet","link":"https:\/\/mamchenkov.net\/wordpress\/2018\/05\/04\/cross-site-request-forgery-csrf-prevention-cheat-sheet\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":27883,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/08\/29\/the-end-of-csrf\/","url_meta":{"origin":28539,"position":0},"title":"The end of CSRF?","author":"Leonid Mamchenkov","date":"August 29, 2017","format":false,"excerpt":"\"The end of CSRF?\" blog post talks about the new feature coming to browsers - SameSite cookie enforcement, which will help in getting rid of Cross-Site Request Forgery (CSRF) attacks. \u00a0Too bad this is currently only supported by Google Chrome (both desktop and mobile), and Opera. \u00a0But I'm sure it's\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":36383,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/27\/intro-to-basic-web-application-security\/","url_meta":{"origin":28539,"position":1},"title":"Intro to basic web application security","author":"Leonid Mamchenkov","date":"February 27, 2019","format":false,"excerpt":"\"Intro to basic web application security\" is an excellent overview of the most common mistakes web developers make when it comes to security. The article provides practical examples (including code snippets and screenshots), which illustrate the problems and ways to solve them. The list includes: SQL injection (of course! no\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/security.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":21722,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/04\/29\/composer-cheat-sheet-for-developers\/","url_meta":{"origin":28539,"position":2},"title":"Composer Cheat Sheet for developers","author":"Leonid Mamchenkov","date":"April 29, 2014","format":"link","excerpt":"Composer Cheat Sheet for developers","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28968,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/11\/12\/wordpress-configuration-cheat-sheet\/","url_meta":{"origin":28539,"position":3},"title":"WordPress Configuration Cheat Sheet","author":"Leonid Mamchenkov","date":"November 12, 2018","format":false,"excerpt":"\"WordPress Configuration Cheat Sheet\" is a collection of about 10 tips for a more secure WordPress configuration file.\u00a0 Obviously, not all of them can always be applied, but it's a good idea to review your own settings once in a while and to disable unnecessary bits.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27730,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/06\/27\/graphical-vi-vim-cheat-sheet-and-tutorial\/","url_meta":{"origin":28539,"position":4},"title":"Graphical vi-vim Cheat Sheet and Tutorial","author":"Leonid Mamchenkov","date":"June 27, 2017","format":false,"excerpt":"Graphical vi-vim Cheat Sheet and Tutorial is yet another attempt to explain and visualize Vim commands to the editor's new users. This is a single page describing the full vi\/vim input model, the function of all keys, and all major features. You can see it as a compressed vi\/vim manual.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/06\/vi-vim-cheat-sheet-500x354.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":16720,"url":"https:\/\/mamchenkov.net\/wordpress\/2012\/09\/18\/bash-redirections-cheat-sheet\/","url_meta":{"origin":28539,"position":5},"title":"Bash Redirections Cheat Sheet","author":"Leonid Mamchenkov","date":"September 18, 2012","format":"link","excerpt":"Bash Redirections Cheat Sheet Even the experienced bash users will probably find a couple of new things in this cheat sheet.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=28539"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/28539\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=28539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=28539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=28539"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=28539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}