When a Referrer Policy header is sent with the value "origin" on XenForo pages, some redirects break. The example policy is: Code: Content-Security-Policy: referrer origin; This policy tells the browser to include an HTTP Referer header in requests starting from that page, with the value being the origin only (i.e. protocol + hostname + port), instead of the full URI or not sending this header at all (in case the page is served over HTTP or HTTPS, respectively). An example of a broken redirect is when a warning is given on a post. If this CSP directive is in place, after warning a user (`actionWarn`) XenForo will redirect the user to the root of the domain instead of redirecting the user back to the content. There might be other broken redirects, as the function that uses the HTTP Referer header is part of the base Controller (`getDynamicRedirect`).