diff --git a/deeplake/requirements/common.txt b/deeplake/requirements/common.txt
index a2984cf82f..f32f765af9 100644
--- a/deeplake/requirements/common.txt
+++ b/deeplake/requirements/common.txt
@@ -15,6 +15,7 @@ av>=8.1.0; python_version >= '3.7' or sys_platform != 'win32'
 pydicom
 IPython
 flask
+Flask-WTF
 pyjwt
 laspy
 nibabel
diff --git a/deeplake/visualizer/video_streaming.py b/deeplake/visualizer/video_streaming.py
index 854474c38b..bf5f2744ab 100644
--- a/deeplake/visualizer/video_streaming.py
+++ b/deeplake/visualizer/video_streaming.py
@@ -2,6 +2,8 @@
 
 from typing import Optional, Callable, Tuple
 from flask import Flask, request, Response
+from flask_wtf import CSRFProtect
+
 from deeplake.core.meta.encode.chunk_id import ChunkIdEncoder
 from deeplake.core.storage import StorageProvider
 from deeplake.core.meta.encode.byte_positions import BytePositionsEncoder
@@ -175,6 +177,8 @@ def _stop_server():
 
 
 _APP = Flask("video_stream")
+csrf = CSRFProtect()
+csrf.init_app(_APP)
 
 
 @_APP.after_request
diff --git a/deeplake/visualizer/visualizer.py b/deeplake/visualizer/visualizer.py
index 5de1fee15c..da8eaaacd6 100644
--- a/deeplake/visualizer/visualizer.py
+++ b/deeplake/visualizer/visualizer.py
@@ -2,6 +2,8 @@
 from typing import Dict, Optional, Union
 import uuid
 from flask import Flask, request, Response
+from flask_wtf import CSRFProtect
+
 from deeplake.core.link_creds import LinkCreds  # type: ignore
 from deeplake.core.storage import StorageProvider
 from deeplake.core.storage.s3 import S3Provider
@@ -20,6 +22,8 @@
 
 _SERVER_THREAD: Optional[threading.Thread] = None
 _APP = Flask("dataset_visualizer")
+csrf = CSRFProtect()
+csrf.init_app(_APP)
 
 log = logging.getLogger("werkzeug")
 log.setLevel(logging.ERROR)