Check if your forms and API endpoints are protected against cross-site request forgery.
Cross-Site Request Forgery (CSRF) tricks authenticated users into performing unintended actions. Our scanner checks forms and state-changing endpoints for CSRF tokens, SameSite cookie attributes, and other anti-CSRF mechanisms.
The scanner analyzes forms for CSRF token presence, checks cookie SameSite attributes, tests state-changing endpoints (POST/PUT/DELETE) for anti-CSRF protection, and verifies that the Referer/Origin headers are validated.
Without CSRF protection, an attacker can craft a malicious page that triggers actions on your site — transferring funds, changing passwords, or deleting data — while the victim is logged in. Modern frameworks have built-in CSRF protection, but it is often misconfigured.
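Two of the checks described above (token presence in forms and the SameSite cookie attribute) can be run passively over a page you own. The sketch below is an added example, not the scanner's own code; the token field-name hints are assumed conventions and the sample HTML and cookies are constructed.

```python
from html.parser import HTMLParser
TOKEN_HINTS = ("csrf", "xsrf", "authenticity_token")  # assumed field-name conventions

class FormAudit(HTMLParser):
    """Flag POST forms that carry no hidden field that looks like a CSRF token."""
    def __init__(self):
        super().__init__()
        self.findings, self._form = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # valueless attributes map to None, hence the `or` fallbacks
        if tag == "form":
            method = (a.get("method") or "get").lower()
            self._form = {"action": a.get("action") or "", "method": method, "token": False}
        elif tag == "input" and self._form is not None:
            name = (a.get("name") or "").lower()
            if (a.get("type") or "").lower() == "hidden" and any(h in name for h in TOKEN_HINTS):
                self._form["token"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            form, self._form = self._form, None
            if form["method"] == "post" and not form["token"]:
                self.findings.append(f"POST form {form['action']}: no CSRF token field")

def audit_forms(html):
    parser = FormAudit()
    parser.feed(html)
    return parser.findings

def audit_cookies(set_cookie_headers):
    """Flag cookies whose SameSite attribute is missing or set to None."""
    findings = []
    for header in set_cookie_headers:
        pair, *attrs = [p.strip() for p in header.split(";")]
        parsed = {k.strip().lower(): v.strip().lower() for k, _, v in (x.partition("=") for x in attrs)}
        samesite = parsed.get("samesite", "unset")  # unset leaves the policy to browser defaults
        if samesite not in ("lax", "strict"):
            findings.append(f"cookie {pair.split('=', 1)[0]}: SameSite {samesite}")
    return findings

# Constructed sample input (not taken from any real site).
SAMPLE_HTML = """<form action="/search" method="get"><input name="q"></form>
<form action="/profile/email" method="post"><input type="hidden" name="csrf_token" value="x"></form>
<form action="/account/delete" method="post"><input type="submit"></form>"""
SAMPLE_COOKIES = ["session=constructed; Path=/; Secure; HttpOnly; SameSite=Lax",
                  "prefs=constructed; Path=/", "sso=constructed; Secure; SameSite=None"]
if __name__ == "__main__":
    print(*audit_forms(SAMPLE_HTML), *audit_cookies(SAMPLE_COOKIES), sep="\n")
```

A missing token field is a prompt for manual review rather than proof of a flaw, since an application may send its token in a custom request header instead of a form field.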
Get a full security report with AI-powered fix suggestions in 30 seconds. No setup required.
Detect dangerous CORS policies that could allow unauthorized cross-origin access.
Configuration Audit: Audit cookie flags, session management, and token security for your application.
Vulnerability Detection: Test your login, signup, and password reset flows for common security weaknesses.