Tags: django, csrf

Django: is it safe if the CSRF middleware token shows up in the URL?


When making GET requests, I've noticed that my CSRF token gets appended to my URL. Is this safe?


Solution

  • Django doesn't check the CSRF token for GET requests. If you have any forms with method="get", you should remove the {% csrf_token %} tag.

    While you are doing that, double-check that your GET requests are side-effect free (i.e. that they don't change any data). If they aren't, then keep the CSRF token and change the view/form to use a POST request instead.

    If the CSRF token is included in URLs, then it might be stored somewhere, e.g. in server logs. If an attacker got hold of the token, they could use it to get around Django's CSRF protection.

    See the Django CSRF docs for more information.
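The answer's last point, that a token in a URL ends up in server logs, is easy to check for after the fact. The following is an added example (not code from the answer or from Django) that scans access-log lines for Django's default hidden field name, `csrfmiddlewaretoken`, appearing in a query string, and offers a helper to strip it from a URL before the URL is logged or shared. It assumes a Combined Log Format access log and the default field name; the sample log lines are constructed.

```python
"""Find Django CSRF tokens that leaked into URLs via GET forms.

Added example, not code from the original answer. Assumes the default
Django form field name `csrfmiddlewaretoken` and a Combined Log Format
access log; the sample lines below are constructed, not real traffic.
"""
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Django's default hidden form field name; a GET form containing
# {% csrf_token %} submits it as a query parameter. Assumed default.
CSRF_FIELD = "csrfmiddlewaretoken"

# Request line inside a Combined Log Format entry: "GET /path?query HTTP/1.1"
_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_leaked_csrf_tokens(log_lines):
    """Return (method, path, token) for every request whose query string
    carries a CSRF token. A POST form sends the token in the body, which
    never reaches the access log, so only GET forms show up here."""
    hits = []
    for line in log_lines:
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == CSRF_FIELD:
                hits.append((match.group("method"), parts.path, value))
    return hits


def strip_csrf_token(url):
    """Remove the CSRF parameter from a URL, keeping the other query
    parameters, e.g. to sanitise a URL before logging or sharing it."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != CSRF_FIELD]
    return urlunsplit(parts._replace(query=urlencode(kept)))


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /search/?q=django&csrfmiddlewaretoken=AbC123xyz HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] '
    '"GET /search/?q=django HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] '
    '"POST /accounts/login/ HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] '
    '"GET /static/app.js HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for method, path, token in find_leaked_csrf_tokens(SAMPLE_LOG):
        print(f"leaked CSRF token in {method} {path}: {token}")
```

Any hit points at a template with a GET form that still carries `{% csrf_token %}`; if that form really changes data, the fix is to switch it to POST rather than to drop the token.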