Protect Against CSRF with Form Tokens
Details
CSRF (Cross-site Request Forgery) relies on known or predictable form values and a logged-in browser session.
Remediation
Each form submission should contain a token that was loaded with the form or at the beginning of the user session. Check this token on the server when receiving POST requests to ensure the request originated with the user. This capability is provided by major web platforms and can be implemented on forms with minimal custom development.
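The check described above, sketched as an added example (not code from this page or from any particular web platform). The session is modeled as a plain dict, and the field name and function names are hypothetical. It goes slightly beyond the text by checking every state-changing method, not only POST.

```python
import hmac
import secrets

CSRF_FIELD = "csrf_token"  # hypothetical hidden-field name
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # requests that must not change state


def issue_token(session: dict) -> str:
    """Create the token once per session and keep the server-side copy."""
    if CSRF_FIELD not in session:
        session[CSRF_FIELD] = secrets.token_urlsafe(32)  # unpredictable value
    return session[CSRF_FIELD]


def hidden_field(session: dict) -> str:
    """Markup to embed in every form rendered for this session."""
    token = issue_token(session)
    return f'<input type="hidden" name="{CSRF_FIELD}" value="{token}">'


def token_is_valid(session: dict, form: dict) -> bool:
    """Compare the submitted token with the session's copy in constant time."""
    expected = session.get(CSRF_FIELD)
    submitted = form.get(CSRF_FIELD)
    # A missing token on either side is a failure; never let None match None.
    if not isinstance(expected, str) or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_request(method: str, session: dict, form: dict) -> int:
    """Return 403 when a state-changing request lacks a valid token, else 200."""
    if method.upper() not in SAFE_METHODS and not token_is_valid(session, form):
        return 403
    return 200


if __name__ == "__main__":
    session = {}  # constructed stand-in for a server-side session store
    print(hidden_field(session))
    print(handle_request("POST", session, {CSRF_FIELD: session[CSRF_FIELD]}))
    print(handle_request("POST", session, {"amount": "100"}))  # forged: no token
```

In a real application the platform's built-in CSRF protection should be used in place of hand-written code like this.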