CSRF | Notion

Test all critical functionalities
Remove csrf token
Change the csrf token by 1 character
Remove the csrf token and its name
Reuse old csrf token
Use csrf token from other accounts
Check if the csrf token never change
Find endpoints that allow http with csrf token
Change the request method
Maybe the csrf is in the referer header (??)