diff --git a/README.md b/README.md
index 0bf9d69401b..a9df78ad94b 100644
--- a/README.md
+++ b/README.md
@@ -245,6 +245,7 @@ If you see SQL errors after upgrading please remember to check for this specific
 - `admin/emails/admin_notification_email_template`
 - `catalog/product_image/progressive_threshold`
 - `catalog/search/search_separator`
+- `contacts/security/validate_formkey`
 - `dev/log/max_level`
 - `newsletter/security/enable_form_key`
 - `sitemap/category/lastmod`
diff --git a/app/code/core/Mage/Contacts/controllers/IndexController.php b/app/code/core/Mage/Contacts/controllers/IndexController.php
index 55c392a652b..1dcedb9e1f1 100644
--- a/app/code/core/Mage/Contacts/controllers/IndexController.php
+++ b/app/code/core/Mage/Contacts/controllers/IndexController.php
@@ -28,10 +28,11 @@
  */
 class Mage_Contacts_IndexController extends Mage_Core_Controller_Front_Action
 {
-    public const XML_PATH_EMAIL_RECIPIENT = 'contacts/email/recipient_email';
-    public const XML_PATH_EMAIL_SENDER = 'contacts/email/sender_email_identity';
-    public const XML_PATH_EMAIL_TEMPLATE = 'contacts/email/email_template';
-    public const XML_PATH_ENABLED = 'contacts/contacts/enabled';
+    public const XML_CSRF_USE_FLAG_CONFIG_PATH = 'contacts/security/validate_formkey';
+    public const XML_PATH_EMAIL_RECIPIENT = 'contacts/email/recipient_email';
+    public const XML_PATH_EMAIL_SENDER = 'contacts/email/sender_email_identity';
+    public const XML_PATH_EMAIL_TEMPLATE = 'contacts/email/email_template';
+    public const XML_PATH_ENABLED = 'contacts/contacts/enabled';
 
     /**
      * @return $this
@@ -65,6 +66,10 @@ public function postAction()
             /** @var Mage_Core_Model_Translate $translate */
             $translate->setTranslateInline(false);
             try {
+                if (!$this->_validateFormKey()) {
+                    Mage::throwException($this->__('Invalid Form Key. Please submit your request again.'));
+                }
+
                 $postObject = new Varien_Object();
                 $postObject->setData($post);
 
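Review bot: Redeclaring `XML_CSRF_USE_FLAG_CONFIG_PATH` in this subclass only changes behaviour for readers that resolve the constant late; if the parent's `_isFormKeyEnabled()` reads it through `self::`, it keeps seeing the core-wide path, which is presumably why the commit also overrides `_isFormKeyEnabled()` further down in the same file. That coupling is invisible at the constant itself, so someone removing one half later would silently fall back to the global CSRF setting without any error. I would add above the constant: `// Overrides the parent's CSRF flag path; only honoured through the _isFormKeyEnabled() override below.`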
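Review bot: The `_validateFormKey()` call at the top of the try block is only as strong as the inherited implementation, which I take to skip validation when `_isFormKeyEnabled()` returns false; with the config.xml hunk apparently shipping `contacts/security/validate_formkey` as `0`, the contact form keeps accepting cross-site POSTs until an administrator turns the flag on, the same opt-in model as `newsletter/security/enable_form_key`. That is a defensible compatibility choice, since custom templates without the formkey block would otherwise break, but the line reads as an unconditional check, so I would add `// No-op unless contacts/security/validate_formkey is enabled; see _isFormKeyEnabled()` above it. A failed check ends up in Mage::logException via the catch branch, which gives operators a log signal for both stale sessions and forged submissions. postAction() begins and ends outside this hunk.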
@@ -83,7 +88,7 @@ public function postAction() } if ($error) { - throw new Exception(); + Mage::throwException($this->__('Unable to submit your request. Please, try again later')); } $mailTemplate = Mage::getModel('core/email_template'); /** @var Mage_Core_Model_Email_Template $mailTemplate */ @@ -98,24 +103,36 @@ public function postAction() ); if (!$mailTemplate->getSentSuccess()) { - throw new Exception(); + Mage::throwException($this->__('Unable to submit your request. Please, try again later')); } $translate->setTranslateInline(true); - Mage::getSingleton('customer/session')->addSuccess(Mage::helper('contacts')->__('Your inquiry was submitted and will be responded to as soon as possible. Thank you for contacting us.')); - $this->_redirect('*/*/'); + Mage::getSingleton('customer/session')->addSuccess($this->__('Your inquiry was submitted and will be responded to as soon as possible. Thank you for contacting us.')); + } catch (Mage_Core_Exception $e) { + $translate->setTranslateInline(true); - return; - } catch (Exception $e) { + Mage::logException($e); + Mage::getSingleton('customer/session')->addError($e->getMessage()); + } catch (Throwable $e) { $translate->setTranslateInline(true); - Mage::getSingleton('customer/session')->addError(Mage::helper('contacts')->__('Unable to submit your request. Please, try again later')); - $this->_redirect('*/*/'); - return; + Mage::logException($e); + Mage::getSingleton('customer/session')->addError($this->__('Unable to submit your request. Please, try again later')); } + $this->_redirect('*/*/'); } else { $this->_redirect('*/*/'); } } + + /** + * Check if form key validation is enabled in contacts config. + * + * @return bool + */ + protected function _isFormKeyEnabled() + { + return Mage::getStoreConfigFlag(self::XML_CSRF_USE_FLAG_CONFIG_PATH); + } } diff --git a/app/code/core/Mage/Contacts/etc/config.xml b/app/code/core/Mage/Contacts/etc/config.xml index 62df870a413..74e8c38b317 100644 
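Review bot: The new `catch (Mage_Core_Exception $e)` branch renders `$e->getMessage()` to the anonymous visitor for any Mage_Core_Exception raised inside the try, not only the three messages this action throws itself; as far as I recall, `sendTransactional()` on the email template model raises one when the configured template code is invalid, and that configuration detail would then appear on the storefront where the old code showed only the generic text. If only the action's own messages are meant to reach the user, throw them as a dedicated subclass of Mage_Core_Exception and catch that subclass first, letting every other Mage_Core_Exception fall through to the generic branch. Separately, the docblock on `_isFormKeyEnabled()` says what it reads but not why the override exists; I would extend it with `Overrides the parent so the contacts-specific flag path is used instead of the core-wide one.` The enclosing postAction() starts before this hunk.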
--- a/app/code/core/Mage/Contacts/etc/config.xml +++ b/app/code/core/Mage/Contacts/etc/config.xml @@ -94,6 +94,9 @@ custom2 contacts_email_email_template + + 0 + diff --git a/app/code/core/Mage/Contacts/etc/system.xml b/app/code/core/Mage/Contacts/etc/system.xml index 1b63c774742..bbb5c6191b6 100644 --- a/app/code/core/Mage/Contacts/etc/system.xml +++ b/app/code/core/Mage/Contacts/etc/system.xml @@ -84,6 +84,23 @@ + + + 60 + 1 + 1 + 1 + + + + select + adminhtml/system_config_source_yesno + 1 + 1 + Important! Enabling this option means that your custom templates used for contact form must contain form_key block output. Otherwise contact form will not work.]]> + + + diff --git a/app/design/frontend/base/default/template/contacts/form.phtml b/app/design/frontend/base/default/template/contacts/form.phtml index 7b671ec20b4..bbb2848018f 100644 --- a/app/design/frontend/base/default/template/contacts/form.phtml +++ b/app/design/frontend/base/default/template/contacts/form.phtml @@ -24,6 +24,7 @@

__('Contact Us') ?>

+ getBlockHtml('formkey') ?>

__('Contact Information') ?>

+ getBlockHtml('formkey') ?>

__('Contact Information') ?>

__('* Required Fields') ?>

diff --git a/app/locale/en_US/Mage_Contacts.csv b/app/locale/en_US/Mage_Contacts.csv
index 277333d7e51..2a9a2408072 100644
--- a/app/locale/en_US/Mage_Contacts.csv
+++ b/app/locale/en_US/Mage_Contacts.csv
@@ -1,4 +1,5 @@
 "* Required Fields","* Required Fields"
+"Important! Enabling this option means that your custom templates used for contact form must contain form_key block output. Otherwise contact form will not work.","Important! Enabling this option means that your custom templates used for contact form must contain form_key block output. Otherwise contact form will not work."
 "Comment","Comment"
 "Contact Form","Contact Form"
 "Contact Information","Contact Information"
@@ -10,9 +11,12 @@
 "Email Sender","Email Sender"
 "Email Template","Email Template"
 "Enable Contact Us","Enable Contact Us"
+"Enable Form Key Validation","Enable Form Key Validation"
+"Invalid Form Key. Please submit your request again.","Invalid Form Key. Please submit your request again."
 "Name","Name"
+"Security","Security"
 "Send Emails To","Send Emails To"
 "Submit","Submit"
 "Telephone","Telephone"
-"Unable to submit your request. Please, try again later","Unable to submit your request. Please, try again later"
+"Unable to submit your request. Please, try again later","Unable to submit your request. Please, try again later."
 "Your inquiry was submitted and will be responded to as soon as possible. Thank you for contacting us.","Your inquiry was submitted and will be responded to as soon as possible. Thank you for contacting us."