diff --git a/handlers/csrf.go b/handlers/csrf.go
new file mode 100644
index 0000000..5d94b31
--- /dev/null
+++ b/handlers/csrf.go
@@ -0,0 +1,14 @@
+package handlers
+
+import (
+ "authentication/helper"
+ "net/http"
+)
+
+// CSRFToken issues a CSRF token by relying on the CSRFMiddleware
+// to set the token in the response header and cookie on GET requests.
+func CSRFToken(w http.ResponseWriter, r *http.Request) {
+ helper.RespondWithJSON(w, http.StatusOK, map[string]string{
+ "message": "CSRF token set",
+ })
+}
diff --git a/routes/routes.go b/routes/routes.go
index eff8efc..2813e6e 100644
--- a/routes/routes.go
+++ b/routes/routes.go
@@ -18,8 +18,10 @@ func SetupRoutes(router *mux.Router, db *sql.DB) {
 authRoutes.HandleFunc("/login", handlers.GoogleLogin).Methods("GET")
 authRoutes.HandleFunc("/callback", handlers.GoogleCallback).Methods("GET")
 authRoutes.HandleFunc("/forgot-password", handlers.ForgotPassword).Methods("GET")
+
 csrfProtected := authRoutes.NewRoute().Subrouter()
 csrfProtected.Use(middleware.CSRFMiddleware)
+ csrfProtected.HandleFunc("/csrf", handlers.CSRFToken).Methods("GET")
 csrfProtected.HandleFunc("/refresh_token", handlers.HandleTokenRefresh).Methods("POST", "OPTIONS")
 csrfProtected.HandleFunc("/logout", handlers.LogoutHandler).Methods("POST")
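Review bot: CSRFToken sends its 200 response without any cache directive, although its doc comment says the same GET response carries the token in a header and a cookie. A browser or intermediary that stores that response could replay one client's token to another request, so I would add `w.Header().Set("Cache-Control", "no-store")` before the `helper.RespondWithJSON` call. Neither `helper.RespondWithJSON` nor `CSRFMiddleware` is shown in this diff, so one of them may already set it; if so, a one-line comment saying where would help. The parameter `r` is unused and could be written `_ *http.Request` to make that explicit.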
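Review bot: The new `/csrf` registration works only because it sits on the `csrfProtected` subrouter, and nothing on that line records the dependency. `handlers.CSRFToken` writes no token itself, so if the route is later moved to `authRoutes` it would still answer 200 "CSRF token set" while issuing nothing. I would add a comment above the line such as `// Must stay on csrfProtected: CSRFToken only acknowledges; CSRFMiddleware sets the token on GET.` Whether the middleware actually issues a token on GET, rather than rejecting a request without one, cannot be seen from this diff and is worth a route-level test. The body of SetupRoutes starts and ends outside the hunk.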