Opened 2 years ago

Last modified 2 years ago

#33617 closed Bug

CSRF fails on my website (https://en.speedymatch.com/) when entering my website from Google — at Initial Version

Reported by: אורי Owned by: nobody
Component: CSRF Version: 3.2
Severity: Normal Keywords:
Cc: אורי Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

How to reproduce this bug:

1. Open Chrome in incognito mode.
2. I click on a Google ad which redirects me to https://en.speedymatch.com/contact/?gclid=EAIaIQobChMIj43PgP379gIV0xx9Ch3UIg_FEAMYAyABEgK13_D_BwE (this ad can be found, for example, when searching for "Dating sites for singles speedy" on Google from the USA).
3. Then I go back to the ad and click on a link which redirects me to https://en.speedymatch.com/about/
4. Then I go back to https://en.speedymatch.com/contact/?gclid=EAIaIQobChMIj43PgP379gIV0xx9Ch3UIg_FEAMYAyABEgK13_D_BwE and fill in the form. I type a different number in the field labelled "Type the number "17"*".

I get this error message:

Forbidden (403)
CSRF verification failed. Request aborted.

More information is available with DEBUG=True.

By email I receive a message like "[Django] WARNING (EXTERNAL IP): Forbidden (CSRF token missing or incorrect.): /". I have received more than 1,300 error messages containing "CSRF token missing or incorrect" in the last 6 months.

Another way to get this message is to go to https://www.google.com/search?q=site%3Aspeedymatch.com (search for "site:speedymatch.com"), then click on https://en.speedymatch.com/contact/ (the second result on the page), and then click on https://en.speedymatch.com/about/ (the first result). Or click on the main page (https://en.speedymatch.com/) and then click on https://en.speedymatch.com/about/ . All the clicks should be done in new tabs.

The problem is that real users can click on these ads or search results and come to my website, but they can't submit a form such as the contact form or the registration form if they clicked on another URL after they clicked on the link to the form. I checked, and this error message also appears on the registration form (https://en.speedymatch.com/).

If the user goes back and fills in the form again, it works without error messages.

CSRF is supposed to block malicious users, but it blocks many legitimate users on my website.
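Added example (not part of the ticket and not Django's own source): a pure-Python re-implementation of the token comparison behind the "CSRF token missing or incorrect." rejection, following Django 3.2's CsrfViewMiddleware semantics, plus a constructed replay of the two-tab sequence described above. The hidden form field carries a masked copy of the secret that was in the csrftoken cookie when the form was rendered; a submitted token only passes if it unmasks to the same secret as the cookie presented at submit time. The function names, the cookie_token/request_token split and the cookie_sent_with_second_request switch are this example's own assumptions, not anything the reporter or Django names.

```python
"""Django 3.2 style CSRF token check, re-implemented stand-alone.

Added example, not code from the ticket or from Django itself.  All secrets
and cookies below are generated in-process; nothing here talks to a site.
"""
import secrets
import string
from hmac import compare_digest

CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits  # 62 symbols, as in Django
CSRF_SECRET_LENGTH = 32
CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH                   # random mask + masked secret

REASON_NO_CSRF_COOKIE = "CSRF cookie not set."
REASON_BAD_TOKEN = "CSRF token missing or incorrect."        # the string in the reporter's mails


def new_secret():
    """Fresh random secret; Django mints one when no valid csrftoken cookie arrives."""
    return "".join(secrets.choice(CSRF_ALLOWED_CHARS) for _ in range(CSRF_SECRET_LENGTH))


def mask_secret(secret):
    """Prepend a random mask and add it to the secret symbol-wise (mod 62).
    Every call yields a different token for the same secret, so the value
    rendered into a page changes per request (the BREACH mitigation)."""
    mask = new_secret()
    n = len(CSRF_ALLOWED_CHARS)
    cipher = "".join(
        CSRF_ALLOWED_CHARS[(CSRF_ALLOWED_CHARS.index(s) + CSRF_ALLOWED_CHARS.index(m)) % n]
        for s, m in zip(secret, mask)
    )
    return mask + cipher


def unmask_token(token):
    """Inverse of mask_secret: subtract the mask from the second half."""
    n = len(CSRF_ALLOWED_CHARS)
    mask, cipher = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    return "".join(
        CSRF_ALLOWED_CHARS[(CSRF_ALLOWED_CHARS.index(c) - CSRF_ALLOWED_CHARS.index(m)) % n]
        for c, m in zip(cipher, mask)
    )


def sanitize_token(token):
    """Accept a well-formed masked token, mask a bare secret, and replace
    anything else with a brand-new token (which can never match)."""
    well_formed = all(c in CSRF_ALLOWED_CHARS for c in token)
    if len(token) == CSRF_TOKEN_LENGTH and well_formed:
        return token
    if len(token) == CSRF_SECRET_LENGTH and well_formed:
        return mask_secret(token)
    return mask_secret(new_secret())


def check_csrf(cookie_token, request_token):
    """Return (accepted, rejection_reason) in the order the 3.2 middleware decides:
    no cookie first, then the hidden field / header, then constant-time comparison
    of the two unmasked secrets."""
    if cookie_token is None:
        return False, REASON_NO_CSRF_COOKIE
    if request_token is None:
        return False, REASON_BAD_TOKEN
    cookie_secret = unmask_token(sanitize_token(cookie_token))
    request_secret = unmask_token(sanitize_token(request_token))
    if not compare_digest(cookie_secret, request_secret):
        return False, REASON_BAD_TOKEN
    return True, ""


def simulate_reporter_sequence(cookie_sent_with_second_request):
    """Constructed replay of the ticket's two-tab sequence (a model, not traffic
    captured from the site).  Tab 1 renders the contact form with no cookie yet:
    the server mints secret A, sets it as csrftoken and embeds a masked copy in
    the form.  Tab 2 then loads another page.  Django only mints a new secret
    when a request carries no valid csrftoken cookie, so the switch decides
    whether that second response overwrites the browser's cookie.  Tab 1 finally
    submits the token it rendered earlier."""
    secret_a = new_secret()
    browser_cookie = mask_secret(secret_a)       # 3.2 stores the masked form in the cookie
    form_token = mask_secret(secret_a)           # {% csrf_token %} in the contact form
    if not cookie_sent_with_second_request:
        browser_cookie = mask_secret(new_secret())   # Set-Cookie from tab 2 replaces secret A
    return check_csrf(browser_cookie, form_token)


if __name__ == "__main__":
    print("cookie kept   :", simulate_reporter_sequence(True))
    print("cookie reissued:", simulate_reporter_sequence(False))
```

Django 3.2 only mints a new secret when a request arrives without a valid csrftoken cookie, so for the sequence in the report to end in a 403 the /about/ request must have reached the server without the cookie issued by /contact/; the ticket does not establish why that happened, and the simulation simply models both outcomes. When reproducing against a real site, compare the csrftoken cookie value in the browser's developer tools before and after opening the second tab: if it changed, the stale token in the first tab's form can no longer match, and reloading the form (which embeds a fresh masking of the current cookie's secret) is why resubmitting then succeeds.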

Change History (0)
