diff --git a/caimira/apps/calculator/__init__.py b/caimira/apps/calculator/__init__.py
index 487723cd..585e271c 100644
--- a/caimira/apps/calculator/__init__.py
+++ b/caimira/apps/calculator/__init__.py
@@ -434,13 +434,6 @@ def get(self):
 
 
 class CO2ModelResponse(BaseRequestHandler):
- def check_xsrf_cookie(self):
- """
- This request handler implements a stateless API that returns report data in JSON format.
- Thus, XSRF cookies are disabled by overriding base class implementation of this method with a pass statement.
- """
- pass
-
 async def post(self, endpoint: str) -> None:
 data_registry: DataRegistry = self.settings["data_registry"]
 data_service: typing.Optional[DataService] = self.settings.get("data_service", None)
diff --git a/caimira/apps/calculator/static/js/co2_form.js b/caimira/apps/calculator/static/js/co2_form.js
index ef21f010..e846bbcf 100644
--- a/caimira/apps/calculator/static/js/co2_form.js
+++ b/caimira/apps/calculator/static/js/co2_form.js
@@ -312,6 +312,11 @@ function plotCO2Data(url) {
 fetch(url, {
 method: "POST",
 body: JSON.stringify(CO2_mapping),
+ headers: {
+ "Content-Type": "application/json",
+ "X-XSRFToken": document.getElementsByName('_xsrf')[0].value
+ },
+ credentials: "include",
 }).then((response) =>
 response
 .json()
@@ -347,6 +352,11 @@ function submitFittingAlgorithm(url) {
 fetch(url, {
 method: "POST",
 body: JSON.stringify(CO2_mapping),
+ headers: {
+ "Content-Type": "application/json",
+ "X-XSRFToken": document.getElementsByName('_xsrf')[0].value
+ },
+ credentials: "include",
 })
 .then((response) => response.json())
 .then((json_response) => {
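Review bot: `document.getElementsByName('_xsrf')[0].value` in the new `headers` block of plotCO2Data throws a TypeError before fetch() is even called when the page carries no `_xsrf` field, and the identical five lines are repeated in submitFittingAlgorithm in the next hunk. A small shared helper that looks the token up once and fails with a clear message would cover both call sites and keep the header name in one place. `credentials: "include"` also attaches cookies to cross-origin requests; if `url` is always same-origin (not visible in this hunk), `"same-origin"` is the narrower setting. Both function bodies continue outside their hunks.

```javascript
// Builds the headers for JSON POSTs to XSRF-protected handlers.
function xsrfJsonHeaders() {
  const field = document.getElementsByName("_xsrf")[0];
  if (!field) {
    throw new Error("Missing _xsrf form field; cannot send XSRF-protected request.");
  }
  return {
    "Content-Type": "application/json",
    "X-XSRFToken": field.value,
  };
}

// in plotCO2Data and submitFittingAlgorithm:
fetch(url, {
  // … unchanged: method and body …
  headers: xsrfJsonHeaders(),
  // … unchanged: credentials option …
```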
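Review bot: In submitFittingAlgorithm the unchanged `.then((response) => response.json())` directly after the new options now talks to an XSRF-checked endpoint, so a missing or stale token comes back as a 403 whose body may not be JSON (the server's error format is not visible here). Checking the status before parsing, e.g. `if (!response.ok) throw new Error("Request failed: " + response.status);`, would surface the rejection instead of an unrelated JSON parse error. The same applies to the `.then` chain in plotCO2Data in the previous hunk. The function body continues outside the hunk.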