Cross-Site Request Forgery (CSRF)

Detect Cross-Site Request Forgery vulnerabilities in your Salesforce app.

Lorenzo Frattini avatar
Written by Lorenzo Frattini
Updated over a week ago


Web browsers allow GET and POST requests to be made between different web sites. Cross-site request forgery (CSRF or XSRF) occurs when a user visits a malicious web page that makes their browser send requests to your application that the user did not intend.


  • Visualforce pags

  • Visualforce components

  • Apex controllers

Did this answer your question?