CSRF issue:
REQUEST: ".$_REQUEST["csrf"]."
SESSION: ".$_SESSION["csrf"]."
FILE: ".$_SERVER["SCRIPT_NAME"]."
GET: ".var_export($_GET, true)."
POST: ".var_export($_POST, true)."
Many thanks!");
}
// Security-related response headers, emitted in a fixed order.
// header() only takes effect before any response body has been sent, so this
// run has to execute ahead of the first byte of output.
foreach ([
    // Clickjacking defence: the page may only be framed by its own origin.
    // CSP `frame-ancestors 'self'` is the standardised equivalent; this header
    // is still honoured by browsers and covers older ones.
    "X-Frame-Options: SAMEORIGIN",

    // Legacy reflected-XSS filter switch (IE8-9 era). Current browsers no
    // longer ship such a filter and ignore the header, so it is not a
    // substitute for output encoding or a Content-Security-Policy.
    "X-XSS-Protection: 1; mode=block",

    // Disabled: header("X-Content-Security-Policy: allow 'self'");
    // (only allows JS from the same domain, and no inline script, to run)
    // NOTE(review): that header name and the `allow` directive are the
    // pre-standard form. The standardised header is `Content-Security-Policy`
    // (e.g. `default-src 'self'`); it also blocks inline script, so the pages
    // need testing against it before it is switched on.

    // Stops browsers from MIME-sniffing a response into a different content
    // type than the one declared.
    "X-Content-Type-Options: nosniff",
] as $securityHeaderLine) {
    header($securityHeaderLine);
}
// Do not leave the loop variable behind in the script's global scope.
unset($securityHeaderLine);
?>