Why public Google user content images return 403
When using Google as your OIDC provider, you can ask for the picture claim, which contains the user’s profile picture. It’s usually a URL like this:
https://lh3.googleusercontent.com/erjNVzk6nPUaUZuOTg2ObT12EzWWIokbuRdyuTkxRGR1nXQ5vhYk34twIt05FmaBNt7_yB3J
I wanted to show the user profile in an <img> tag, but Google was responding with 403. I searched around for an answer and I stumbled upon this Stack Overflow answer, which had the solution:
<img src="https://lh3.googleusercontent.com/erjNVzk6nPUaUZuOTg2ObT12EzWWIokbuRdyuTkxRGR1nXQ5vhYk34twIt05FmaBNt7_yB3J" referrerpolicy="no-referrer">
Setting the referrerpolicy attribute to no-referrer tells the browser not to send the Referer header with the image request, and this seems to solve the issue.
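When the markup is generated in JavaScript rather than written by hand, the same attribute can be emitted by the code that renders the picture claim. The following is an added example, not code from the original post or the Stack Overflow answer: it accepts only https URLs on *.googleusercontent.com and always sets referrerpolicy="no-referrer". The host restriction, ALLOWED_HOST_SUFFIX and the function names are assumptions made for this example.

```javascript
// Added example: turn an OIDC `picture` claim into <img> markup.
// ALLOWED_HOST_SUFFIX, escapeAttr and avatarImgTag are illustrative names,
// and limiting the host to *.googleusercontent.com is an assumption.
const ALLOWED_HOST_SUFFIX = ".googleusercontent.com";

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Returns the avatar markup, or null when the claim is missing, malformed,
// not https, carries credentials, or points at an unexpected host.
function avatarImgTag(pictureClaim) {
  let url;
  try {
    url = new URL(pictureClaim);
  } catch {
    return null; // missing or unparsable claim
  }
  if (url.protocol !== "https:") return null;
  if (url.username || url.password) return null;
  if (!url.hostname.endsWith(ALLOWED_HOST_SUFFIX)) return null;

  // no-referrer keeps the browser from sending the Referer header with the
  // image request, which is what the 403 fix above relies on.
  return `<img src="${escapeAttr(url.href)}" referrerpolicy="no-referrer" alt="">`;
}

// Constructed sample claim value (not a real profile picture URL).
const SAMPLE_PICTURE = "https://lh3.googleusercontent.com/a/constructed-sample-id";
console.log(avatarImgTag(SAMPLE_PICTURE));
```

A null result is the caller's cue to show a placeholder avatar instead of the claim value.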