CSRF is (really) deadScott Helme Security researcher, entrepreneur and international speaker who specialises in web technologies. More posts by Scott Helme. A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will kill CSRF, you had to enable it on your site
