diff --git a/agent/modals/network/network_add.php b/agent/modals/network/network_add.php
index 863f9a24..f6cfc11f 100644
--- a/agent/modals/network/network_add.php
+++ b/agent/modals/network/network_add.php
@@ -15,6 +15,8 @@ ob_start();
     </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
+
     <div class="modal-body">
 
         <ul class="nav nav-pills nav-justified mb-3">
diff --git a/agent/modals/network/network_edit.php b/agent/modals/network/network_edit.php
index 6774f784..690748ec 100644
--- a/agent/modals/network/network_edit.php
+++ b/agent/modals/network/network_edit.php
@@ -29,6 +29,7 @@ ob_start();
     </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
     <input type="hidden" name="network_id" value="<?= $network_id ?>">
     <input type="hidden" name="client_id" value="<?= $client_id ?>">
     <div class="modal-body">
diff --git a/agent/modals/network/network_export.php b/agent/modals/network/network_export.php
index b7290124..e50ba88f 100644
--- a/agent/modals/network/network_export.php
+++ b/agent/modals/network/network_export.php
@@ -15,6 +15,7 @@ ob_start();
     </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
     <input type="hidden" name="client_id" value="<?= $client_id ?>">
     <div class="modal-body">
 
diff --git a/agent/networks.php b/agent/networks.php
index 22c37c38..02978b94 100644
--- a/agent/networks.php
+++ b/agent/networks.php
@@ -323,11 +323,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                         <?php if ($session_user_role == 3) { ?>
                                             <?php if ($network_archived_at) { ?>
                                             <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-info confirm-link" href="post.php?unarchive_network=<?= $network_id ?>">
+                                            <a class="dropdown-item text-info confirm-link" href="post.php?restore_network=<?= $network_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                                 <i class="fas fa-fw fa-redo mr-2"></i>Restore
                                             </a>
                                             <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_network=<?= $network_id ?>">
+                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_network=<?= $network_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                                 <i class="fas fa-fw fa-trash mr-2"></i>Delete
                                             </a>
                                             <?php } else { ?>
diff --git a/agent/post/network.php b/agent/post/network.php
index 1353d1b6..af96479e 100644
--- a/agent/post/network.php
+++ b/agent/post/network.php
@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
 
 if (isset($_POST['add_network'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     enforceUserPermission('module_support', 2);
 
     require_once 'network_model.php';
@@ -26,6 +28,8 @@ if (isset($_POST['add_network'])) {
 
 if (isset($_POST['edit_network'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     enforceUserPermission('module_support', 2);
 
     $network_id = intval($_POST['network_id']);
@@ -43,6 +47,8 @@ if (isset($_POST['edit_network'])) {
 
 if (isset($_GET['archive_network'])) {
 
+    validateCSRFToken($_GET['csrf_token']);
+
     enforceUserPermission('module_support', 2);
 
     $network_id = intval($_GET['archive_network']);
@@ -63,11 +69,13 @@ if (isset($_GET['archive_network'])) {
 
 }
 
-if (isset($_GET['unarchive_network'])) {
+if (isset($_GET['restore_network'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
 
     enforceUserPermission('module_support', 2);
 
-    $network_id = intval($_GET['unarchive_network']);
+    $network_id = intval($_GET['restore_network']);
 
     // Get Network Name and Client ID for logging and alert message
     $sql = mysqli_query($mysqli,"SELECT network_name, network_client_id FROM networks WHERE network_id = $network_id");
@@ -77,7 +85,7 @@ if (isset($_GET['unarchive_network'])) {
 
     mysqli_query($mysqli,"UPDATE networks SET network_archived_at = NULL WHERE network_id = $network_id");
 
-    logAction("Network", "Unarchive", "$session_name restored contact $contact_name", $client_id, $network_id);
+    logAction("Network", "Restore", "$session_name restored contact $contact_name", $client_id, $network_id);
 
     flash_alert("Network <strong>$network_name</strong> restored");
 
@@ -87,6 +95,8 @@ if (isset($_GET['unarchive_network'])) {
 
 if (isset($_GET['delete_network'])) {
 
+    validateCSRFToken($_GET['csrf_token']);
+
     enforceUserPermission('module_support', 3);
 
     $network_id = intval($_GET['delete_network']);
@@ -147,7 +157,7 @@ if (isset($_POST['bulk_delete_networks'])) {
 
 if (isset($_POST['export_networks_csv'])) {
 
-    enforceUserPermission('module_support', 2);
+    enforceUserPermission('module_support');
 
     if ($_POST['client_id']) {
         $client_id = intval($_POST['client_id']);
