Patched Magento Open Source 1.9.3.6 with SUPEE-10415.
Message:
Formkey validation on checkout disabled. This may expose security risks. We strongly recommend to Enable Form Key Validation On Checkout in Admin / Security Section, for protect your own checkout process. still appears.
What to do?
You still need to enable the form key validation on the checkout as per SUPEE-9767/Magento 1.9.3.6. Login to admin and go to:
System > Configuration > Advanced/Admin > Security > Enable Form Key Validation On Checkout >> Yes
Warning You will need to ensure any custom templates have the formkey outputted otherwise your checkout process will not work.
Please refer to Checkout form keys on https://magento.stackexchange.com/a/176958/41117 for more information
Make sure you have added a patch and added a Form key in all checkout phtml files which is using form tag.
Go to System->Configuration->Advanced->Admin and set Enable Form Key Validation On Checkout = Yes
http://ift.tt/2Ao6mTE
If any checkout has any form key is missing then your checkout should not work correctly.
