Polish Referrer Header Policy Docs

Previously, the Referrer Header Policy was accidentally placed within
the CSP section.

Move Referrer Header Polich outside of the CSP section.

Issue gh-4110

docs/manual/src/docs/asciidoc/index.adoc

@@ -4354,6 +4354,18 @@ protected void configure(HttpSecurity http) throws Exception {
 }
 ----
 
+[[headers-csp-links]]
+===== Additional Resources
+
+Applying Content Security Policy to a web application is often a non-trivial undertaking.
+The following resources may provide further assistance in developing effective security policies for your site.
+
+http://www.html5rocks.com/en/tutorials/security/content-security-policy/[An Introduction to Content Security Policy]
+
+https://developer.mozilla.org/en-US/docs/Web/Security/CSP[CSP Guide - Mozilla Developer Network]
+
+https://www.w3.org/TR/CSP2/[W3C Candidate Recommendation]
+
 [[headers-referrer]]
 ==== Referrer Policy
 
@@ -4405,17 +4417,6 @@ protected void configure(HttpSecurity http) throws Exception {
 }
 ----
 
-[[headers-csp-links]]
-===== Additional Resources
-
-Applying Content Security Policy to a web application is often a non-trivial undertaking.
-The following resources may provide further assistance in developing effective security policies for your site.
-
-http://www.html5rocks.com/en/tutorials/security/content-security-policy/[An Introduction to Content Security Policy]
-
-https://developer.mozilla.org/en-US/docs/Web/Security/CSP[CSP Guide - Mozilla Developer Network]
-
-https://www.w3.org/TR/CSP2/[W3C Candidate Recommendation]
 
 [[headers-custom]]
 === Custom Headers