ANSSI Reco-WebSec §4.7

Protection CSRF sur tous les formulaires POST

UnveilScan findings mapped to this control

The scanner emits 1 distinct finding on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).

web.csrf_token_missing ⏱ 2h

WEB — Csrf token missing

Risk if ignored: POST endpoints execute state changes on behalf of authenticated users via a hostile third-party page.

security

Also maps to 2 other controls

ISO 27001:2022 A.8.25 — Secure development life cycle
PCI-DSS 4.0 6.4.3 — Client-side tampering