Oh, so it was only ever shipped by Chrome. Is
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy totally wrong about the support for the Referrer-Policy header? If that already works in a few places, then indeed it seems likely that both mechanisms are used. So risk wise direct removal would probably work out.
(The deprecation reporting idea is
https://crbug.com/564071, was just curious if it might be easy to experiment with the idea here, but if it'd be more than 10 lines of code I agree let's keep that idea separate.)
Are console messages logged when you have a typo in the CSP header? If not, that might help catch other mistakes, and would help developers figure out what's happened.