The Content Security Policy (CSP)
referrer directive, used to specify how the
Referer HTTP header works, is now deprecated and will be removed in the near future. It has already been removed from Chrome 56 shipped this January. Use the
Referrer-Policy HTTP header instead.
Update: The directive has been removed with Firefox 62.