1. No CSRF Token At All

  2. Change Request Methods Get , POST , DELETE

  3. Remove The CSRF Token

  4. Try To Use Your CSRF Token On Another Account And Check If It’s not Tided With The Same User Session

  5. Try To See If The CSRF And CSRFkey Are Tided To The User Session Or Not

  6. check if the CSRF are duplicated anywhere and one of them is vulnerable

  7. Referer Based Attacks