If a data request fails with status 403 and an "X-CSRF-Token" response header value "required" (case insensitive),
a new security token will be fetched and the data request will be repeated automatically and transparently.
A new security token is fetched via a HEAD request on the service URL using an "X-CSRF-Token" header value "Fetch".
The response header value of "X-CSRF-Token" is remembered if present, or else that header will not be used any longer.