FormProtection and contact form in cakephp 4

I’m using FormProtection in my AppController to protect all forms in my app (admin and front).

The problem in the case of a contact form is that when a user stays a while on the contact page and then fills and submits the form a BadRequestException is thrown.

I think that it comes from the fact that FormProtection is related to the session.

My questions are :

Is there a way to keep FormProtection but avoid the problem described above ?

Is it risky to disable FormProtection for my contact form (using $this->FormProtection->setConfig('unlockedActions', ['index']); in ContactController::beforeFilter()) ?