Bitcoin Forum
Topic: Anyone else seen this cross site scripting warning on Bitstamp?
go1111111 (OP)
November 11, 2013, 11:27:16 PM
 #1


I recently saw the following message two times yesterday. Both times I had entered my user ID and password to log into Bitstamp, been prompted to enter my two factor authentication using Google Authenticator, waited for perhaps 30 seconds or more, entered my authentication token, and then seen this message:

"forbidden (403) CSRF verification failed. Request aborted. You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties."

Does anyone else who uses Bitstamp see this occasionally? I'm trying to figure out whether I was the target of a legit XSS attack or whether it's some issue on Bitstamp's side. I asked Bitstamp support, but they weren't helpful and just said to "enable cookies." I don't think they understood that I only get this intermittently.

Kris
November 12, 2013, 03:38:36 AM
 #2

It's when you are not quick enough to type in the two-factor code, for example; their CSRF token will expire.
I admit I think it's a bit harsh to set it to time out this quickly, but hey, whatever works.
go1111111 (OP)
November 12, 2013, 05:40:29 AM
 #3

Thanks! That makes sense.
realcoin
November 20, 2013, 10:47:13 AM
 #4

I also get "CSRF verification failed" after login, but I didn't use "two-factor" authentication.

I am not "Realcoin REC"! There was no REC when I signed up for the forum...
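
Added example, not part of the thread and not Bitstamp's code: a simplified server-side CSRF check showing that a missing Referer header on HTTPS (the reason named in the quoted 403 text) and an expired token (the cause suggested in reply #2) are rejected at different steps with different reasons. The function names, the 30-second lifetime, the key and the host names are all assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"  # constructed value, for this example only
TOKEN_TTL = 30                    # seconds; assumed lifetime, not Bitstamp's


def _mac(session_id, issued):
    msg = f"{session_id}:{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now):
    """Return 'issued:mac', binding the token to a session and issue time."""
    issued = str(int(now))
    return f"{issued}:{_mac(session_id, issued)}"


def check_csrf(headers, token, session_id, host, now, secure=True):
    """Return (allowed, reason) for a state-changing POST."""
    if secure:
        # Strict Referer check on HTTPS: runs before the token is looked at.
        referer = headers.get("Referer")
        if not referer:
            return False, "no Referer header"
        parts = urlsplit(referer)
        if parts.scheme != "https" or parts.netloc != host:
            return False, "Referer from another origin"
    issued, sep, mac = (token or "").partition(":")
    if not sep or not issued.isdigit():
        return False, "CSRF token missing or malformed"
    # Constant-time comparison of the submitted MAC with the expected one.
    if not hmac.compare_digest(mac.encode(), _mac(session_id, issued).encode()):
        return False, "CSRF token incorrect"
    if now - int(issued) > TOKEN_TTL:
        return False, "CSRF token expired"
    return True, "ok"


if __name__ == "__main__":
    tok = issue_token("sess-1", 1000)  # constructed session id and clock
    same_site = {"Referer": "https://example.test/login/"}
    for label, hdrs, when in [("prompt submit", same_site, 1010),
                              ("slow 2FA entry", same_site, 1045),
                              ("Referer stripped", {}, 1010)]:
        print(label, "->", check_csrf(hdrs, tok, "sess-1", "example.test", when))
```

A Referer header removed by a browser setting, extension or proxy fails the first step no matter how quickly the form is submitted, so the exact reason string in the 403 page is the thing to compare when the failure is intermittent.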