Cross-site request forgery - CSRF is a type of malicious exploitation of a website in which unauthorized commands are transmitted from a user whom the website trusts. Unlike cross-site scripting (XSS), which exploits a user’s trust in a particular site, CSRF exploits a site’s trust in a user’s browser.