Pega set the cross site reference forgery in your application. To achive that, many activities are declared in the CPMInteractionHeader section. The hidden control on that section hold a script event that is declaring activity that needed to be executed from client side.
But even with that we are still observing a lot of random SECU0019 alert on PDC eg :
At the moment we manage to identify that 2 identicals requests are sent at the same time (microsec delay) and the latest one is getting rejected. We have not find the reason. But it is link to a click action : doclose / removethread / reloadsection...
For a quick solution, I' ll declare the guilty activity in the cross site request forgery (configure>system>settings>cross site request forgery) and see if the random SECU0019 are still displaying in PDC.
I also find a recent discussion on the subject, another hint maybe also an interaction with pegaknowledge widget on the V360.