Expected Behavior
Most of the other HeaderSpecs have a disable option, but ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec is missing it.
Current Behavior
There is no way to disable the ReferrerPolicy header unless you use headers.disable(), but that makes .writer() not work.
Context