Improvement
Resolution: Fixed
Normal
When following a link from an HTTPS page to an HTTP page, browsers by default suppress the referrer in the new request. (On the other hand, if the link leads to an HTTPS page or comes from an HTTP page, the referrer will by default be sent.) Therefore, band websites etc. will not "see" that their traffic is coming from us, which is undesirable. The problem will grow when we switch to enforcing HTTPS. We should therefore set a referrer policy that allows the browser to send the referrer; as our URLs don't contain secret parameters or similar, this should not be a problem.
(I became aware of this issue because Wikimedia is rolling out a similar change this week. See https://meta.wikimedia.org/wiki/Research:Wikimedia_referrer_policy)
is related to: MBH-363 Force https for whole site? (Open)