Create a proof-of-concept HTML page for testing CSRF vulnerabilities.
Note: Browsers block scripts from setting certain forbidden headers like User-Agent, Origin, etc.