Solutions to CSRF span both the Web application and Web browser. Like XSS, CSRF uses a Web site as a means to attack the browser. Although XSS attacks leave a trail of requests with suspicious characters, the traffic associated with a CSRF attack all appears legitimate and, with a few exceptions, all originates from the victim's browser. Even though there are no clear payloads or patterns for which a Web application can monitor, an application can protect itself by fortifying the work flows it expects users to follow.
Tip
Focus countermeasures on actions (clicks, form submissions) in the Web site that require the security context of the user. A user's security context comprises actions whose outcome or affected data require authentication and authorization specific to that user. Viewing the 10 most recent public posts on a blog is an action with an anonymous security context – unauthenticated site visitors are authorized to read anything marked public. Viewing that user's 10 most recent messages in a private inbox is an action in that specific user's context: all users must authenticate to read private messages, but they are only authorized to read messages addressed to themselves.
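The following is an added example, not code from the book, showing one way to apply the Tip: the application classifies each action by security context and fortifies only the state-changing action in the user's context with a per-session anti-forgery token (a synchronizer token, which is an assumed choice of countermeasure, not one the text names). The request handler, session and inbox stores, and the `Request` class are all constructed for the example. The forged request in the test looks like legitimate traffic in every respect that a log would show (valid session cookie, ordinary form fields), which is why the server has to check something the browser only sends when the request originated from the site's own form.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory stores standing in for the application's session
# and message storage (hypothetical; not the book's code).
SESSIONS = {}  # session_id -> {"user": str, "csrf": str}
INBOX = {
    "alice": {1: "hello alice", 2: "reminder"},
    "bob": {3: "hello bob"},
}
PUBLIC_POSTS = ["post-1", "post-2", "post-3"]


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: cookies travel automatically
    with a cross-site request, form fields only if the attacker knows them."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def login(user: str) -> str:
    """Create a session and bind a fresh, unguessable anti-forgery token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The token the server embeds in its own forms for this session."""
    return SESSIONS[sid]["csrf"]


def current_user(req: Request):
    """Authentication: resolve the session cookie to a user, or None."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    return sess["user"] if sess else None


def csrf_ok(req: Request) -> bool:
    """True only if the submitted token matches the one bound to this session.
    Constant-time comparison avoids leaking the token through timing."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return False
    return hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"])


def handle(req: Request):
    """Dispatch by security context; returns (status, body)."""
    # Anonymous security context: no session and no token required.
    if req.method == "GET" and req.path == "/posts":
        return 200, PUBLIC_POSTS[:10]

    # User security context, read-only: authentication plus authorization
    # (a user only ever sees the inbox keyed by their own name).
    if req.method == "GET" and req.path == "/inbox":
        user = current_user(req)
        if user is None:
            return 401, "login required"
        return 200, list(INBOX[user].values())[:10]

    # User security context, state-changing: additionally require the token.
    # A cross-site form post carries the session cookie but not the token,
    # so it is rejected even though the cookie alone would authenticate it.
    if req.method == "POST" and req.path == "/inbox/delete":
        user = current_user(req)
        if user is None:
            return 401, "login required"
        if not csrf_ok(req):
            return 403, "request not generated by this site's form"
        msg_id = int(req.form.get("id", "0"))
        if msg_id not in INBOX[user]:  # authorization: only own messages
            return 404, "no such message"
        del INBOX[user][msg_id]
        return 200, "deleted"

    return 404, "not found"
```

The read-only inbox view is left without a token on purpose: the Tip directs countermeasures at actions in the user's context, and within those the token matters where a forged request could change state on the user's behalf; the authorization check on `msg_id` is independent of CSRF and still applies to the genuine request.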