Interesting, I hadn’t realized that this system might affect the HTTP referrer URL.
Unfortunately, I don’t think there is a way to fix this. Since the cookie challenge relies on generating the page and then redirecting people, I’m not sure it’s possible to prevent this referrer change. And the security system cannot be turned off.