#ZegnatToken exchange would hopefully not get cached either way, those are POST requests. Theoretically the consent screen could be cached, and could save on e.g. rerunning metadata discovery. But true that you would not be able to do that if you have a CSRF field.