diff --git a/net/vpn/cisco/anyconnect.txt b/net/vpn/cisco/anyconnect.txt
new file mode 100644
index 000000000..172049ebd
--- /dev/null
+++ b/net/vpn/cisco/anyconnect.txt
@@ -0,0 +1,4 @@
+https://its.gmu.edu/knowledge-base/how-to-install-cisco-anyconnect-on-linux/
+anyconnect-linux64-<ver>
+
+https://software.cisco.com/download
diff --git a/pl/java/libfws/spring/docs/presentations.txt b/pl/java/libfws/spring/docs/presentations.txt
index 963be603b..6f2d09375 100644
--- a/pl/java/libfws/spring/docs/presentations.txt
+++ b/pl/java/libfws/spring/docs/presentations.txt
@@ -3,6 +3,9 @@ https://www.youtube.com/user/SpringSourceDev/videos
 Borisov - Potroshitel
     https://www.youtube.com/playlist?list=PL6yLoZ_3Y0HKGL3F7vv2SNSrA3TkbXtBX
 
+2023
+LearnWithVinod - Spring Framework Masterclass 0:00 of 8:01:28
+    https://www.youtube.com/watch?v=zrOvL8KgbM0
 2018
 Hoeller - Spring Framework 5.1 on JDK 8 & 11
     https://www.youtube.com/watch?v=h6PUjxe-blw
diff --git a/pl/java/libfws/spring/security/features/cors.txt b/pl/java/libfws/spring/security/features/cors.txt
index 98a840a64..9bfb1ae64 100644
--- a/pl/java/libfws/spring/security/features/cors.txt
+++ b/pl/java/libfws/spring/security/features/cors.txt
@@ -1 +1,8 @@
 https://github.com/YouTubeProjectsCode/Spring_Secuirty-Angular_Authentication-CodeElevate/blob/main/Spring-Secuirty-Jwt-In-Spring-Boot-3/src/main/java/com/springjwt/configuration/SimpleCorsFilter.java
+
+Headers
+    Access-Control-Allow-Origin: foreign domains (origins), that can access resources on our domain
+    Access-Control-Allow-Methods: ...
+    Access-Control-Allow-Headers: ... limitation, to which headers
+
+@CrossOrigin
diff --git a/pl/java/libfws/spring/security/features/csrf.txt b/pl/java/libfws/spring/security/features/csrf.txt
new file mode 100644
index 000000000..ac24b0103
--- /dev/null
+++ b/pl/java/libfws/spring/security/features/csrf.txt
@@ -0,0 +1,14 @@
+-H 'Cookie: JSESSIONID=...'
+-H 'X-CSRF-TOKEN: <UUID>'
+
+// CsrfCustomizer
+http.csrf(c -> {
+    c.ingnoringAntMatchers("/<some-endpoint>")
+})
+
+CsrfToken
+    getHeaderName()
+    getParameterName()
+    getToken()
+
+curl -H "X-IDENTIFIER: 12345" some-get-endpoint