Forbidden error when submitting easyform

For some time now, we have occasionally been receiving an error when users try to submit an EasyForm form. As we run a heavily frequented site, we receive between 4 and 14 issues in Sentry per day due to the error.

We have already tried to reproduce the error with various scenarios, but it seems to occur randomly. Through Sentry, I know that the error occurs for both anonymous and logged-in users, as well as for various forms and form data.

Yesterday, I was lucky enough to have the error occur locally for the first time, and I was able to take a closer look. The token authentication fails in plone.protect.authenticator._verify_request, the X-CSRF-TOKEN from the request is present, but does not match those from the keyring (line 88). If you reload the page and resubmit the form, the error persists. However, if I go back in the browser (from the error page to the EasyForm) and submit it again with the already filled in data, the authentication works.

So far, I have had little to no contact with plone.protect and its surroundings and have not been able to identify the cause of the error, or why the tokens differ in rare cases and the authentication fails. Especially for anonymous users, the error is impractical, as they then get shown a 403 error page. Has anyone else run into this error before or have an idea what could be causing it?

Forbidden: Form authenticator is invalid.
  File "ZPublisher/WSGIPublisher.py", line 162, in transaction_pubevents
    yield
  File "ZPublisher/WSGIPublisher.py", line 371, in publish_module
    response = _publish(request, new_mod_info)
  File "ZPublisher/WSGIPublisher.py", line 266, in publish
    result = mapply(obj,
  File "ZPublisher/mapply.py", line 85, in mapply
    return debug(object, args, context)
  File "ZPublisher/WSGIPublisher.py", line 63, in call_object
    return obj(*args)
  File "eggs/plone.z3cform-1.1.3-py3.8.egg/plone/z3cform/layout.py", line 63, in __call__
    self.update()
  File "eggs/plone.z3cform-1.1.3-py3.8.egg/plone/z3cform/layout.py", line 47, in update
    self.form_instance.update()
  File "eggs/collective.easyform-3.1.1-py3.8.egg/collective/easyform/browser/view.py", line 302, in update
    super(EasyFormForm, self).update()
  File "eggs/plone.z3cform-1.1.3-py3.8.egg/plone/z3cform/fieldsets/extensible.py", line 65, in update
    super(ExtensibleForm, self).update()
  File "eggs/plone.z3cform-1.1.3-py3.8.egg/plone/z3cform/patch.py", line 30, in GroupForm_update
    _original_GroupForm_update(self)
  File "eggs/z3c.form-3.7.1-py3.8.egg/z3c/form/group.py", line 145, in update
    self.actions.execute()
  File "eggs/plone.app.z3cform-3.2.4-py3.8.egg/plone/app/z3cform/csrf.py", line 21, in execute
    CheckAuthenticator(self.request)
  File "eggs/plone.protect-4.1.6-py3.8.egg/plone/protect/authenticator.py", line 126, in check
    raise Forbidden('Form authenticator is invalid.')