Forbidden error when submitting easyform

For some time now, we have occasionally been receiving an error when users try to submit an EasyForm form. As we run a heavily frequented site, we receive between 4 and 14 issues in Sentry per day due to the error.

We have already tried to reproduce the error with various scenarios, but it seems to occur randomly. Through Sentry, I know that the error occurs for both anonymous and logged-in users, as well as for various forms and form data.

Yesterday, I was lucky enough to have the error occur locally for the first time, and I was able to take a closer look. The token authentication fails in plone.protect.authenticator._verify_request, the X-CSRF-TOKEN from the request is present, but does not match those from the keyring (line 88). If you reload the page and resubmit the form, the error persists. However, if I go back in the browser (from the error page to the EasyForm) and submit it again with the already filled in data, the authentication works.

So far, I have had little to no contact with plone.protect and its surroundings and have not been able to identify the cause of the error, or why the tokens differ in rare cases and the authentication fails. Especially for anonymous users, the error is impractical, as they then get shown a 403 error page. Has anyone else run into this error before or have an idea what could be causing it?

Forbidden: Form authenticator is invalid.
  File "ZPublisher/", line 162, in transaction_pubevents
  File "ZPublisher/", line 371, in publish_module
    response = _publish(request, new_mod_info)
  File "ZPublisher/", line 266, in publish
    result = mapply(obj,
  File "ZPublisher/", line 85, in mapply
    return debug(object, args, context)
  File "ZPublisher/", line 63, in call_object
    return obj(*args)
  File "eggs/plone.z3cform-1.1.3-py3.8.egg/plone/z3cform/", line 63, in __call__
  File "eggs/plone.z3cform-1.1.3-py3.8.egg/plone/z3cform/", line 47, in update
  File "eggs/collective.easyform-3.1.1-py3.8.egg/collective/easyform/browser/", line 302, in update
    super(EasyFormForm, self).update()
  File "eggs/plone.z3cform-1.1.3-py3.8.egg/plone/z3cform/fieldsets/", line 65, in update
    super(ExtensibleForm, self).update()
  File "eggs/plone.z3cform-1.1.3-py3.8.egg/plone/z3cform/", line 30, in GroupForm_update
  File "eggs/z3c.form-3.7.1-py3.8.egg/z3c/form/", line 145, in update
  File "eggs/", line 21, in execute
  File "eggs/plone.protect-4.1.6-py3.8.egg/plone/protect/", line 126, in check
    raise Forbidden('Form authenticator is invalid.')