diff --git a/package-lock.json b/package-lock.json
index e00a1d3..9076598 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "showdown-chatbot",
- "version": "2.11.3",
+ "version": "2.11.4",
 "lockfileVersion": 2,
 "requires": true,
 "packages": {
 "": {
 "name": "showdown-chatbot",
- "version": "2.11.3",
+ "version": "2.11.4",
 "license": "MIT",
 "dependencies": {
 "busboy": "1.6.0",
diff --git a/package.json b/package.json
index ff583f6..3637f56 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "showdown-chatbot",
- "version": "2.11.3",
+ "version": "2.11.4",
 "author": {
 "name": "Agustin San Roman",
 "email": "agustinsanromanguzman@gmail.com",
diff --git a/src/server/html-maker.js b/src/server/html-maker.js
index 36a91af..8dcb2ba 100644
--- a/src/server/html-maker.js
+++ b/src/server/html-maker.js
@@ -31,7 +31,7 @@ exports.generate = function (body, loginData, menu, options) {
 }
 }
- buf += '';
+ buf += '';
 if (options.scripts) {
 for (let i = 0; i < options.scripts.length; i++) {
diff --git a/static/csrf-protect.js b/static/csrf-protect-v2.js
similarity index 69%
rename from static/csrf-protect.js
rename to static/csrf-protect-v2.js
index 847c96c..ccf7ab5 100644
--- a/static/csrf-protect.js
+++ b/static/csrf-protect-v2.js
@@ -6,31 +6,15 @@ function getCookie(name) {
 if (parts.length == 2) return parts.pop().split(";").shift();
 }
-document.addEventListener("DOMContentLoaded", function () {
- if (window.$) {
- $(document).bind('ajaxSend', function (elm, xhr, s) {
- if (s.type != 'GET') {
- xhr.setRequestHeader('x-csrf-token', getCookie("usertoken"));
- }
- });
- }
-
+function updateForms() {
 var forms = document.getElementsByTagName("form");
 for (var i = 0; i < forms.length; i++) {
 var form = forms[i];
- if ((form.method + "").toLowerCase() === "post") {
- var input = document.createElement("input");
- input.type = "hidden";
- input.name = "x-csrf-token";
- input.value = getCookie("usertoken");
- form.appendChild(input);
+
+ if (form.csrf_modified) {
+ continue;
 }
- }
-});
-document.addEventListener('DOMNodeInserted', function(e) {
- if (e.target.localName === "form") {
- var form = e.target;
 if ((form.method + "").toLowerCase() === "post") {
 var input = document.createElement("input");
 input.type = "hidden";
@@ -38,5 +22,22 @@ document.addEventListener('DOMNodeInserted', function(e) {
 input.value = getCookie("usertoken");
 form.appendChild(input);
 }
+
+ form.csrf_modified = "true";
 }
+}
+
+document.addEventListener("DOMContentLoaded", function () {
+ if (window.$) {
+ $(document).bind('ajaxSend', function (elm, xhr, s) {
+ if (s.type != 'GET') {
+ xhr.setRequestHeader('x-csrf-token', getCookie("usertoken"));
+ }
+ });
+ }
+
+ updateForms();
+
+ var observer = new MutationObserver(updateForms);
+ observer.observe(document.querySelector("body"), { childList: true, subtree: true, attributes: false });
 });
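Review bot: `updateForms()` copies the `usertoken` cookie value into every POST form it finds and never checks where the form submits, so a form whose `action` points at another origin would carry the token off-site. I would skip such forms before the method check, e.g. `if (new URL(form.getAttribute("action") || "", location.href).origin !== location.origin) { continue; }`. The token also appears to be the cookie value itself, which forces that cookie to stay readable by script; if it doubles as the session identifier, a separate per-session CSRF value would keep it out of the DOM. The body of `updateForms` continues past the end of this hunk.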
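Review bot: `form.csrf_modified = "true"` is set for every scanned form, including ones that were not POST at the time, so a form whose method is switched to POST afterwards is skipped on every later scan and never receives the token. The flag is also read through the form element's named-property lookup, so a control named `csrf_modified` would make the guard at the top of the loop (in the previous hunk) skip that form as well. Testing for the hidden field itself avoids both: `if (form.querySelector('input[name="x-csrf-token"]')) { continue; }` in place of the flag. As a style point, `document.body` reads more directly than `document.querySelector("body")`.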