at the checkout our clients sometimes get a message "Access forbidden. CSRF attack is possible". CS Cart's helpdesk told me that "in most cases the issue with CSRF-attack appears because of the low value of the max_input_vars PHP directive on the server. In this case server truncates the request and if the security_hash parameter gets truncated, the error message appears."
However, we changed the parameter and the message still appears. Anyone faced this problem and knows how to fix it?