WRITELOOP

CSRF PROTECTION

2013 November 19

CSRF (Cross Site Request Forgery) protection is a mechanism to deny external requests to your site. E.g.: given the URL “mysite.com/products” (the products form of a site), that is the request URL. When a request is made to it, the site verifies a hash that was generated when the form was produced. With that hash it is possible to know whether the request was sent from your own site or from another one (malicious or not). Django implementation: https://docs.djangoproject.com/en/dev/ref/contrib/csrf
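The check described above, as an added sketch that is not from the original post and is not Django's implementation: the site issues a hash bound to the visitor's session when it renders the form, and rejects any state-changing request that does not carry it back. The names `SERVER_KEY`, `issue_token`, `token_is_valid`, `handle` and the `csrf_token` field are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from typing import Mapping, Optional

# Constructed per-process secret for this example; a real site loads a
# long-lived secret from its configuration.
SERVER_KEY = secrets.token_bytes(32)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _mac(session_id: str, nonce: str) -> str:
    """HMAC that binds a nonce to one session."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Value the site embeds in the form it renders (hypothetical helper)."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token: Optional[str]) -> bool:
    """True only for a token this site issued for this session."""
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle(method: str, session_id: str, form: Mapping[str, str]) -> int:
    """Return the HTTP status the site would answer with."""
    if method.upper() in STATE_CHANGING:
        if not token_is_valid(session_id, form.get("csrf_token")):
            return 403  # request did not come from a form this site rendered
    return 200


if __name__ == "__main__":
    token = issue_token("session-A")  # constructed session id
    print(handle("POST", "session-A", {"name": "x", "csrf_token": token}))
    print(handle("POST", "session-A", {"name": "x"}))
```

A page on another site can make the visitor's browser submit the products form, but it cannot read the token out of the form your site rendered, so its request reaches the missing-token or wrong-token branch.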