# Enable stateless CSRF protection for forms and logins/logouts
framework:
    csrf_protection:
        check_header: true