When this option is enabled for a Visualforce page, you can’t access the page by entering its URL—/apex/PageName. Also, plain links to that page using tags don’t work. If you try to access a Visualforce page with CSRF protection enabled, the page doesn’t load and you get an error.
Plain links from a page with CSRF checks work, but links to the page do not. For example, if your page has the name PageName, the link Link doesn’t work. Instead, use the URLFOR() formula function, the $Page global variable, or the apex:outputLink component.
<apex:outputLink value="/apex/PageName">Link using apex:outputlink</apex:outputlink>
<a href="{!$Page.PageName}">Link using $Page</a>
<a href="{!URLFOR($Page.PageName)}">Link using URLFOR()</a>
CSRF [sic] checks on GET requests also affect how Visualforce pages are referenced from Apex controllers. Methods that return the URL of CSRF-protected [sic] pages for navigation don’t work:
public String getPage() {
return '/apex/PageName';
}
Instead, use methods that return a reference to the Visualforce page instead of the URL directly.
public class customController {
public PageReference getPage() {
return new PageReference('/apex/PageName');
}
public PageReference getPage1() {
return Page.PageName;
}
}
Best Answer
believe you have enabled the Require CSRF protection on GET requests checkbox on the page.
if you uncheck this checkbox then the page should load fine.
Go to Setup -> Develop -> Pages -> select your page and edit it to remove this checkbox.
you can refer these salesforce articles for additional information on when and why this checkbox is used.
Defining Visualforce Pages
Secure Coding Cross Site Request Forgery