How do I add anti-csrf tokens to the ZAP web application scanner?

The ZAP web application scanner is capable of detecting anti-csrf token fields. The default list of anti-csrf token fields used by HostedScan is:

 "anticsrf",
"CSRFToken",
"__RequestVerificationToken",
"csrfmiddlewaretoken",
"authenticity_token",
"OWASP_CSRFTOKEN",
"anoncsrf",
"csrf_token",
"_csrf",
"_csrfSecret",
"__csrf_magic",
"CSRF",
"_token",
"_csrf_token",
"_csrfToken",
"_wpnonce",
"data[_Token][key]

Custom anti-csrf tokens

To configure custom anti-csrf tokens, edit the target you are scanning, add the anti-csrf tokens, and then run a scan to get results with the new configuration.