To be able to mimic many concurrent users without having to open a lot of browser windows, a performance tool often simply sends HTTP requests that would typically be sent when performing actions in a browser.

The Planon application is protected against cross site request forgery (CSRF). This protection dynamically encrypts endpoints, which virtually makes it impossible to 'predict' the URLs.

Consequently, it is not possible to use automated performance tools that mimic browser users by sending HTTP requests, as such tool cannot circumvent dynamically encrypted URLs.