Security

CSRF (Cross-Site Request Forgery)

An attack that tricks a user's browser into making unintended requests to a website where the user is authenticated. The attacker exploits the browser's automatic cookie inclusion to perform actions on behalf of the victim. Defenses include CSRF tokens (unique per-request values), SameSite cookie attributes, and checking the Origin and Referer headers.
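The three defenses named above, combined into one server-side check. This is an added example, not code from the original page; the origin https://app.example, the key handling, the function names and the cookie name are assumptions, and the tokens are bound to the session with an HMAC rather than stored server-side.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET_KEY = secrets.token_bytes(32)      # assumption: per-deployment server secret
ALLOWED_ORIGIN = "https://app.example"    # assumption: the site's own origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state

def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id):
    """Fresh token for each rendered form: random nonce + HMAC tying it to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def token_valid(session_id, token):
    nonce, sep, sig = (token or "").partition(".")
    if not (sep and nonce and sig):
        return False
    # Constant-time comparison, on bytes so odd input cannot raise.
    return hmac.compare_digest(sig.encode(), _mac(session_id, nonce).encode())

def source_origin(headers):
    """Origin header if present, otherwise the origin part of Referer."""
    value = headers.get("Origin") or headers.get("Referer")
    parts = urlsplit(value or "")
    if not parts.scheme or not parts.netloc:
        return None                        # absent, malformed, or "null"
    return f"{parts.scheme}://{parts.netloc}".lower()

def check_request(method, headers, session_id, submitted_token):
    """Return (allowed, reason) for one incoming request."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if source_origin(headers) != ALLOWED_ORIGIN:
        return False, "origin mismatch"    # fail closed when both headers are missing
    if not token_valid(session_id, submitted_token):
        return False, "bad csrf token"
    return True, "ok"

def session_cookie(session_id):
    # SameSite keeps the browser from attaching the cookie to cross-site POSTs.
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"
```
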

Related protocols

See also