security en
Cross-site request forgery
security
Also called: CSRF
Plain-language definition
Plain-language definition
An attack that tricks a signed-in browser into sending an unwanted request.
Why it matters
CSRF protection prevents another site from silently changing account or payment settings.
Technical detail
Cross-site request forgery abuses ambient credentials such as cookies when a state-changing endpoint does not verify request origin or an unpredictable CSRF token.
Examples
- A malicious page attempts to submit a payout-change form using the victim’s active session.
Related terms
Sources and review
Reviewed July 12, 2026 by e2e-1783854138445-0citu53rtqqe@test.repairyour.tech. Next review due January 11, 2027.
- Cross Site Request Forgery — OWASP Foundation Accessed 7/11/2026
See something we should improve?
Suggest a correction to “Cross-site request forgery.” Suggestions are reviewed before the published definition changes.