The example policy is:
Content-Security-Policy: referrer origin;
An example of a broken redirect is when a warning is given on a post. If this CSP directive is in place, after warning a user (`actionWarn`) XenForo will redirect the user to the root of the domain instead of redirecting the user back to the content.
There might be other broken redirects, as the function that uses the HTTP Referer header is part of the base Controller (`getDynamicRedirect`).