"csrftoken" Cookie
Description
Used by many systems for Cross Site Request Forgery protection.
Details
- Cookie Name
- csrftoken
- Category
- Necessary
- Popularity
- 0.6% of scanned websites
- Data Source
- Cookie is
Consent Requirement
This cookie is classified as necessary and typically does not require consent. It is essential for basic website functionality.
Consent Requirements by Regulation
GDPR & ePrivacy (EU)
Exempt from prior consent under the strictly necessary exemption (ePrivacy Directive Article 5(3)), provided csrftoken is genuinely required for the service the visitor requested. It must still be listed in your cookie policy.
UK GDPR & PECR
Exempt from consent under PECR Regulation 6(4) when strictly necessary. Disclosure in your cookie policy is still required.
CCPA/CPRA (California)
No opt-out is required for strictly necessary cookies, but csrftoken must be disclosed in your privacy policy.
Managing csrftoken with a Consent Banner
A consent management platform lists csrftoken in the banner's cookie table under the necessary category. Because it is strictly necessary, it stays active without an opt-in, but disclosing it keeps your cookie policy accurate. Kukie.io's scanner detects it automatically and keeps the disclosure up to date as your site changes.
Frequently Asked Questions
Does the csrftoken cookie require consent?
How common is the csrftoken cookie?
How do I block or delete the csrftoken cookie?
Need help?
Discover all cookies on your site automatically and create a compliant consent banner.
Scan Your Website →Automatically manage consent for this cookie
Kukie.io handles cookie detection, categorisation, and consent collection - all in one platform.
Get Started Free →