CSRF Guard Enable in IS

Hi Folks,

I have to enable CSRF Guard in our production environment urgently to fulfill certain security requirement:

  1. From the SAG documentation things are not pretty clear here.
  2. I have followed the steps an enabled it along with Excluded User Agents, Landing Pages and Unprotected URLs, though I am not sure if I have included everything but while trying so I am getting the below error only once, after that everytime I am invoking the service via HTTPS URL I am not getting anything.
  3. I am not very clear here on changes, if any, around DSP files (if yes which ones) from WmRoot package

One time error: CSRF attack detected. CSRF token is not present in the request URL: WmRoot/security-csrf-edit.dsp

Any lead around details must be appreciated.