A Magento 1 site I'm working on (v126.96.36.199) has been failing its security scan, it says that security patch SUPEE-6788 is not installed correctly. Given that that patch was introduced as always installed in v188.8.131.52, this was rather odd to us. We did some digging and it turns out that the "form_key" anti-forgery token hidden fields, that SUPEE-6788 apparently introduced, were missing from some of the standard forms on the site. We are trying to figure out why exactly the form_key fields are in fact missing, we have already looked at all the plugins and themes but have so far found nothing that would override the default form code (which DOES have the form_key fields there, so the core code wasn't altered). So if anyone has any answers or insight, it would be appreciated. Thanks.