CSRF (Cross-Site Request Forgery) tricks users into making unwanted requests to a site they're authenticated on. Prevention: use CSRF tokens, SameSite cookies, and verify the Origin header.