This parameter indicates whether the access will be denied when an CSRF attack is detected. This parameter needs to be "true" or "false". If omitted, "true" is used.