CSRF Protection for Anonymous Forms

This is a long -pending issue, still no suitable solution available.

Drupal version 7.56 and Anonymous forms like user login, view-exposed-filter-forms etc.

There is no CSRF protection for these forms and further description available that explains why is it not required?

But almost all security vulnerabilities software will give Medium-High risk warning to these forms that they are susceptible to CSRF forgery.

Is there something that we can do in to remove these security warnings. I have tried hacking /includes/common.inc methods viz drupal_get_token() and drupal_valid_token() to use ip-address if no anonymous-session available. But then token validity gets failed for all the forms.

I am stuck kindly help me.

Drupal version: 


Source: https://www.drupal.org/taxonomy/term/22/feed