What's the goal of csrfMetaTags?

I see in views/layout/main.php file that, in the HTML header, is injected this code




<?= Html::csrfMetaTags() ?>



That is generating, at every page reload, a different token, like the following one




<meta name="csrf-param" content="_csrf">

<meta name="csrf-token" content="RXFWNWU5amN8KzxiMEMyIXUXEXtQcjozKBwPTAQJXRkDADcYLUMmIA==">



Is this to avoid CSRF (aka Sea-surf, aka XSRF) attacks? If yes, is this something that Yii 2 will care about automatically, or must I handle this param/token in someway?