Section 10.1.3 defines Referer and says:
> Most general-purpose user agents do not send the Referer header field when the referring resource is a local "file" or "data" URI.
There are two other things that I think are relevant to mention here:
- Referer is often suppressed when the referring resource is "https" at a different origin than the request target.
- Referer can contain only an origin rather than the referring resource identity.
Referrer-Policy might not be worth citing here as it is probably too specific to browsers, but these other constraints are worth noting, especially the first, as this has real security consequences. Though the text in Section 17.9 is excellent as a high-level principle, the steps that are taken to avoid URI leakage are meaningful and very relevant to this section.
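The three behaviours described in this issue (no Referer for a `file:` or `data:` referrer, suppression on an https-to-http downgrade, and an origin-only Referer on cross-origin requests) all fall out of one algorithm, the W3C Referrer Policy "Determine request's referrer" step. The following is an added example written for this page, not code from the issue author, the HTTP WG or any browser; it implements that algorithm for every named policy so the header a browser would emit can be computed for a given referring page, target and policy. The `isPotentiallyTrustworthy` check is a simplification (TLS schemes and loopback hosts only), and the sample page URL with a `token` query parameter is constructed for illustration.

```javascript
// Added example (not from the issue or the HTTP specification): the W3C
// Referrer Policy "Determine request's referrer" algorithm, which produces
// the behaviours the issue describes: no Referer for file:/data: referrers,
// suppression on an https -> http downgrade, and an origin-only Referer on
// cross-origin requests.

const DEFAULT_POLICY = 'strict-origin-when-cross-origin';

// Schemes whose URLs are never sent as a referrer. about:, blob: and data: are
// the spec's "local schemes"; file: is added because its origin is opaque and
// browsers omit it, as the quoted RFC text says.
const NO_REFERRER_SCHEMES = new Set(['about:', 'blob:', 'data:', 'file:']);

// Simplification of the spec's "potentially trustworthy URL": TLS schemes and
// loopback hosts. A real browser also honours user-configured secure contexts.
function isPotentiallyTrustworthy(url) {
  const u = new URL(url);
  return u.protocol === 'https:' || u.protocol === 'wss:' ||
    u.hostname === 'localhost' || u.hostname === '127.0.0.1' || u.hostname === '[::1]';
}

// "Strip url for use as a referrer": drop credentials and fragment; with
// originOnly also drop path and query, leaving the serialized origin plus "/".
// Returns null when nothing may be sent at all.
function stripForReferrer(url, originOnly = false) {
  const u = new URL(url);
  if (NO_REFERRER_SCHEMES.has(u.protocol)) return null;
  if (originOnly) return u.origin + '/';
  u.username = '';
  u.password = '';
  u.hash = '';
  return u.toString();
}

function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Referer header value for a request to `target` made from the document at
// `referrer` under `policy`; null means the header is omitted entirely.
function determineReferrer(referrer, target, policy = DEFAULT_POLICY) {
  if (policy === '') policy = DEFAULT_POLICY;
  let referrerURL = stripForReferrer(referrer, false);
  const referrerOrigin = stripForReferrer(referrer, true);
  if (referrerURL === null) return null;
  // Spec: a referrer longer than 4096 bytes is reduced to its origin.
  if (new TextEncoder().encode(referrerURL).length > 4096) referrerURL = referrerOrigin;

  const downgrade = isPotentiallyTrustworthy(referrer) && !isPotentiallyTrustworthy(target);
  const same = sameOrigin(referrer, target);

  switch (policy) {
    case 'no-referrer': return null;
    case 'origin': return referrerOrigin;
    case 'unsafe-url': return referrerURL;
    case 'strict-origin': return downgrade ? null : referrerOrigin;
    case 'no-referrer-when-downgrade': return downgrade ? null : referrerURL;
    case 'same-origin': return same ? referrerURL : null;
    case 'origin-when-cross-origin': return same ? referrerURL : referrerOrigin;
    case 'strict-origin-when-cross-origin':
      if (same) return referrerURL;
      return downgrade ? null : referrerOrigin;
    default: throw new Error(`unknown referrer policy: ${policy}`);
  }
}

// Constructed sample: a page whose URL carries a capability token in its query,
// the kind of URI leak the issue is concerned with.
const page = 'https://app.example/reset?token=s3cr3t#step2';
for (const target of ['https://app.example/done', 'https://cdn.example/a.js', 'http://tracker.example/px']) {
  console.log(target, '->', determineReferrer(page, target));
}
```

Under the browser default policy the full path and query leave the origin only for same-origin requests; a cross-origin https target sees `https://app.example/` and an http target sees no Referer at all, which is the constraint the issue wants Section 10.1.3 to mention. Switching to `unsafe-url` shows the leak the policy exists to prevent: the token travels to every target.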