enforceCSRFToken

The enforceCSRFToken option controls whether anti-CSRF validation is run against Decision Service to prevent cross-site request forgery (CSRF) vulnerabilities.

Examples:
  • enforceCSRFToken="false" (default): The CSRF token is not required in custom code web requests that use Decision API. Custom code does not need to be updated.
  • enforceCSRFToken="true": The CSRF token is required in custom code web requests that use Decision API. Custom code must be updated to include the CSRF token for additional security validation in CPM.