Verify the authenticity token for each request, disallowing requests that don't include the correct token in either a param or the header. This prevents cross-site request forgery by ensuring any request which can potentially change data is coming from the current host. It can be disabled on a per-request basis by setting the app.config.authenticity.ignore array.