Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?
Check the referrer field in the HTTP header
Disable Flash content
Use only cookies for authentication
Use only HTTPS URLs
XSRF, or cross-site request forgery, applies to web applications and is an attack that exploits the web
application’s trust in a user who is known or is supposed to have been authenticated. This is accomplished by
changing values in the HTTP header and even in the user’s cookie to falsify access. It can be prevented by
embedding additional authentication data into requests that allows the web application to detect requests from
unauthorized locations. Examples are synchronizer token patterns, cookie-to-header tokens, and checking the
HTTP Referer header and the HTTP Origin header.
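
The defenses named in the explanation (a synchronizer token combined with Origin/Referer checking), as an added server-side example that is not part of the original question material. The allowed origin, the `csrf_token` form field, the `X-CSRF-Token` header name and the HMAC-bound token format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)            # per-deployment secret (constructed here)
ALLOWED_ORIGINS = {"https://app.example.com"}   # hypothetical origin of the site itself
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}       # must never change state


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Synchronizer token: a random nonce plus an HMAC binding it to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_valid(session_id, token):
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def source_origin(headers):
    """Origin if sent, otherwise scheme://host[:port] parsed out of Referer."""
    if headers.get("Origin"):
        return headers["Origin"]
    ref = urlsplit(headers.get("Referer", ""))
    return f"{ref.scheme}://{ref.netloc}" if ref.scheme and ref.netloc else None


def is_request_allowed(method, headers, session_id, form):
    """headers and form are plain dicts with canonical key names (assumption)."""
    if method.upper() in SAFE_METHODS:
        return True
    # Exact match on the parsed origin, never a substring or prefix test.
    if source_origin(headers) not in ALLOWED_ORIGINS:
        return False
    token = headers.get("X-CSRF-Token") or form.get("csrf_token", "")
    return token_valid(session_id, token)
```

A state-changing request that carries neither an Origin nor a Referer header is rejected here, which is the stricter of the two common policies.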