Merge branch '5.8.x' into 6.0.x

Closes gh-13589

docs/modules/ROOT/pages/reactive/exploits/headers.adoc

@@ -448,8 +448,8 @@ fun webFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
 [[webflux-headers-referrer]]
 == Referrer Policy
 
-By default, Spring Security does not add xref:features/exploits/headers.adoc#headers-referrer[Referrer Policy] headers.
-You can enable the Referrer Policy header using configuration as shown below:
+Spring Security adds the xref:features/exploits/headers.adoc#headers-referrer[Referrer Policy] header by default with the directive `no-referrer`.
+You can change the Referrer Policy header using configuration as shown below:
 
 .Referrer Policy Configuration
 [tabs]