Security bank CSRF & Request Forgery Security / 5 questions Your progress 0 / 5 done Saved in this browser. Reset All 5 Medium 4 Hard 1 Hide done No questions match those filters. 1 What is CSRF, and why does it work even though the attacker can't read the response? Medium 2 How do anti-CSRF tokens work? Medium 3 How does the `SameSite` cookie attribute mitigate CSRF, and what are its modes? Medium 4 Why are token-in-header auth schemes less vulnerable to CSRF than cookie-only ones? Hard 5 What is clickjacking, and how do `X-Frame-Options` and `frame-ancestors` prevent it? Medium ← Previous Cross-Site Scripting (XSS) Next → CSP & Security Headers