The functionality to reset the OPCache is vulnerable to CSRF. In fact, it would be a good practice to implement a CSRF token in URL if the GET functionality is meant to trigger an action, instead of only retrieving data. Alternatively, it can be turned in a POST request, which I can see already has the CSRF protection implemented.
You will see the 302
status code and then, the page redirects to the overview page, as intended.