Magento is delivering superior security to all of their clients and has been actively investigating the root cause of the reported issue and try to fix for security issue found in the system.
To prevent CSRF attacks for Magento backend you need to enable Add Secret Key to URLs, Out of the box, Magento provides this feature as enabled.
To reduce potential CSRF attacks in Magento 2 do the following steps.
1. Login to Site Admin URL (e.g., your website.com/admin)
2. Click on Stores > Configuration > ADVANCED > Admin > Security > Add Secret Key to URLs
3. Select YES from the dropdown options.
4. Click on Save Config at top.
Using this you can prevent CSRF attacks in Backend and your URL contains secret key/value pair at suffix.
http://127.0.0.1/mage231/admin/sales/order/index/key/63322b22ce8ed5fc340261a80b8c19bba5ee96080abfecb9cb251a40dd094a1e/
In above Url, key/63322b22ce8ed5fc340261a80b8c19bba5ee96080abfecb9cb251a40dd094a1e
pair is added to the url at end.