
A (possibly) unprotected form, detected by CSRF Discoverer.
It uses a heuristic approach to decide whether or not a form contains an element that looks like a CSRF token. Developers can configure the heuristics on the settings page of the tool.

The CSRF Discoverer settings page.
Keep in mind that it is by no means a waterproof method. It is bound to have plenty of false positives and negatives, so use with care.