Here we go:
the other solution is, to remove or comment the header setting from the apache config file (/etc/apache2/apache2.conf):
To remove it from the .htaccess now, doesn’t make any sense to me, because it will be added by nextcloud with every update. Removing Header always set Referrer-Policy "no referrer" from apache config should be more future-proof.