This classification matters the evolution of CSRF attacks up to 2010. It is not up-to-date and your critics are welcome. It ist meant as attachment to my B.Sc. thesis from 2010. The thesis is presented to the Department of Electrical Engineering and Information Sciences of the Ruhr-University of Bochum Chair of Network and Data Security of the Ruhr-University of Bochum, Horst-Görtz Institute, Prof. Jörg Schwenk