Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. (see Wikipedia)

Although CSRF violations can an indication of an attack, most are not caused by malicious actions but are merely a result of the user attempting to re-display a page. For example, a user might use the browser back-arrow or a saved link to re-display a page. If that page requires a CSRF code to modify the database, the attempted reuse of that code will be rejected. This protects both the user and the site from unintended actions.

If you see a Request Security Violation, think about what you just did. If you unintentionally re-displayed a page, simply move on, no harm done. If, however, you know of no action on your part that may have caused the violation and this occurs regularly, please contact us at 435-503-8955 or 800-764-0844.