| optionPartialMatchingEnabled | Define if ZAP should detect CSRF tokens by searching for partial matches |
| optionTokensNames | Lists the names of all anti-CSRF tokens |
| addOptionToken (String* ) | Adds an anti-CSRF token with the given name, enabled by default |
| removeOptionToken (String* ) | Removes the anti-CSRF token with the given name |
| setOptionPartialMatchingEnabled (Boolean* ) | Define if ZAP should detect CSRF tokens by searching for partial matches. |
| genForm (hrefId* actionUrl ) | Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP |