Forum Discussion
nathe
Nov 21, 2016Cirrocumulus
At a high level it injects a Javascript token into the response. See Overview of the ASM CSRF protection feature for more details.
For this reason it may not always be compatible with you web application and so i would strongly suggest a DEV or UAT environment first. If the web app itself can be configured to use CSRF protection then that's probably the best place for it as it should integrate better. That being said if a web app doesn't allow this feature then using ASM is fairly simple and straightforward to setup.
Hope this helps,
N