Title: CSRF Token
Last modified: June 20, 2023

---

# CSRF Token

 *  [dnaughton](https://wordpress.org/support/users/dnaughton/)
 * (@dnaughton)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/csrf-token/)
 * Scanning a site with ZAP leads to alerts about the absence of Anti-CSRF Tokens
   on contact forms. I have captcha v3 running and have enabled NONCE as mentioned
   here, but nothing has changed: [https://contactform7.com/2017/08/18/contact-form-7-49/#:~:text=Contact%20Form%207%20verifies%20a,determine%20whether%20to%20verify%20nonces](https://contactform7.com/2017/08/18/contact-form-7-49/#:~:text=Contact%20Form%207%20verifies%20a,determine%20whether%20to%20verify%20nonces)
 * Is there any way to add anti-CSRF tokens to Contact Form 7, or any other approach
   I can use to eliminate these ZAP alerts?

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [Takayuki Miyoshi](https://wordpress.org/support/users/takayukister/)
 * (@takayukister)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/csrf-token/#post-16835403)
 * Where can we see the website in question?
 *  Thread Starter [dnaughton](https://wordpress.org/support/users/dnaughton/)
 * (@dnaughton)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/csrf-token/#post-16840420)
 * Hi, thanks for getting back to me. I’d prefer not to post the URL on a public
   forum. This is what ZAP says:
 * No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken,
   authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret,
   __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form:
   [Form 1: “_wpcf7” “_wpcf7_container_post” “_wpcf7_locale” “_wpcf7_posted_data_hash”
   “_wpcf7_recaptcha_response” “_wpcf7_unit_tag” “_wpcf7_version” “ak_js_1”
   “first-name” “last-name” “your-email” “your-subject” ].
 *  Plugin Author [Takayuki Miyoshi](https://wordpress.org/support/users/takayukister/)
 * (@takayukister)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/csrf-token/#post-16841769)
 * [Welcome to Support Forum — Please Read Before Posting](https://wordpress.org/support/topic/welcome-to-support-forum-please-read-before-posting/)

The topic ‘CSRF Token’ is closed to new replies.

 * 3 replies
 * 2 participants
 * Last reply from: [Takayuki Miyoshi](https://wordpress.org/support/users/takayukister/)
 * Last activity: [2 years, 11 months ago](https://wordpress.org/support/topic/csrf-token/#post-16841769)
 * Status: not resolved