Cross-Site Request Forgery (CSRF) protection
Cross-Site Request Forgery (CSRF) is a malicious technique in which unauthorized commands are crafted (by a script or a link on a page, for example) to be sent by a user to a website on which that user is authenticated.
These options protect against Cross-Site Request Forgery (CSRF) attacks by modifying the non-setup pages to include a random string of characters in the URL parameters or as a hidden embedded field. The system then verifies this string of characters and executes the command only if the value matches the expected value. The features for setting protection against CSRF attacks are described in the following sections:
Enable CSRF protection on GET requests on non-setup pages
The Enable CSRF protection on GET requests on non-setup pages option protects against CSRF attacks on GET requests on non-setup pages.
This option is enabled by default and can only be disabled by request to Salesforce.com support.
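The token check described above, as an added example that is not Salesforce's own code: a random per-session string is placed in a URL parameter or a hidden field, and a GET request is executed only if the submitted value matches the expected one. The parameter name `_csrf`, the in-memory session store and all function names are assumptions made for illustration.

```python
import hmac
import secrets
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN_PARAM = "_csrf"  # hypothetical parameter name, not the platform's
SESSIONS = {}          # session id -> expected token (stand-in for a session store)

def start_session() -> str:
    """Create a session and bind a fresh random token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid

def protected_link(sid: str, path: str, **params) -> str:
    """Build a GET URL that carries the session's token as a URL parameter."""
    params[TOKEN_PARAM] = SESSIONS[sid]
    return f"{path}?{urlencode(params)}"

def hidden_field(sid: str) -> str:
    """Render the same token as a hidden embedded form field."""
    value = escape(SESSIONS[sid], quote=True)
    return f'<input type="hidden" name="{TOKEN_PARAM}" value="{value}">'

def verify(sid: str, submitted) -> bool:
    """Constant-time comparison of the submitted token with the expected one."""
    expected = SESSIONS.get(sid)
    if expected is None or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())

def handle_get(sid: str, url: str) -> str:
    """Execute the command only if exactly one matching token is present."""
    values = parse_qs(urlsplit(url).query).get(TOKEN_PARAM, [])
    token = values[0] if len(values) == 1 else None  # reject duplicated params
    return "200 executed" if verify(sid, token) else "403 rejected"

if __name__ == "__main__":
    sid = start_session()
    good = protected_link(sid, "/record/delete", id="001")  # constructed sample URL
    print(handle_get(sid, good))                      # link generated by the site
    print(handle_get(sid, "/record/delete?id=001"))   # forged link, no token
```

A link crafted on another site cannot include the token, because the token is random and known only to pages the site itself served to that session.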