diff --git a/CSRF Injection/README.md b/CSRF Injection/README.md
index 01a39fe..77fd4b4 100644
--- a/CSRF Injection/README.md	
+++ b/CSRF Injection/README.md	
@@ -7,13 +7,14 @@
 
 * [Methodology](#methodology)
 * [Payloads](#payloads)
-    * [HTML GET - Requiring User Interaction](#)
-    * [HTML GET - No User Interaction)](#)
-    * [HTML POST - Requiring User Interaction](#)
-    * [HTML POST - AutoSubmit - No User Interaction](#)
-    * [JSON GET - Simple Request](#)
-    * [JSON POST - Simple Request](#)
-    * [JSON POST - Complex Request](#)
+    * [HTML GET - Requiring User Interaction](#html-get---requiring-user-interaction)
+    * [HTML GET - No User Interaction)](#html-get---no-user-interaction)
+    * [HTML POST - Requiring User Interaction](#html-post---requiring-user-interaction)
+    * [HTML POST - AutoSubmit - No User Interaction](#html-post---autosubmit---no-user-interaction)
+    * [JSON GET - Simple Request](#json-get---simple-request)
+    * [JSON POST - Simple Request](#json-post---simple-request)
+    * [JSON POST - Complex Request](#json-post---complex-request)
+* [References](#references)
 
 ## Tools
 
@@ -114,4 +115,4 @@ xhr.send('{"role":admin}');
 - [Hacking Facebook accounts using CSRF in Oculus-Facebook integration](https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf)
 - [Cross site request forgery (CSRF) - Sjoerd Langkemper - Jan 9, 2019](http://www.sjoerdlangkemper.nl/2019/01/09/csrf/)
 - [Cross-Site Request Forgery Attack - PwnFunction](https://www.youtube.com/watch?v=eWEgUcHPle0)
-- [Wiping Out CSRF - Joe Rozner - Oct 17, 2017](#https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f)
\ No newline at end of file
+- [Wiping Out CSRF - Joe Rozner - Oct 17, 2017](#https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f)