In short: no, there is no way to solve this.
The security challenge does a redirect with Javascript, and there is no way to preserve the original referrer with a Javascript redirect. The referrer header will be set to the page that generated the redirect, which will be your own site.
I recognize that this will cause problems for analytics. Unfortunately, the security challenge is not optional, and there is no way to solve this with the security challenge in place.