We have situation where x-dtreferer is blocked by security due to malicious attack signature. The injection of this header is intermittently. The WAF does not only block header but complete request and that in terms impact the payment related journeys.
I was looking into DT document and find very less information about it.
for reference check:
* the help docs: https://www.dynatrace.com/support/help/shortlink/rum-firewall, or
* an older post: https://answers.dynatrace.com/questions/95223/dynatrace-referer.html