Wednesday, 16 December 2020

How to use the noreferrer feature with window.open and get a non-null reference to the child window?

I'd like to programmatically open a new window (i.e. via window.open) and modify the contents without

  • making myself vulnerable to reverse tabnabbing via a non-null window.opener in the child window
  • leaking potentially sensitive URLs or query parameters via the Referer header

Using the noreferrer feature (i.e. window.open(url, target, "noreferrer")) seemed to be the most straightforward option, but according to the spec (see step 15), this will always cause the return value to be null.

Is there a way to open a new window without passing a Referer header, set opener to null, and still have a non-null reference to the opened window?



from How to use the noreferrer feature with window.open and get a non-null reference to the child window?
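
One way to approach what the question asks, as an added example that is not part of the original post: open about:blank without the noreferrer feature, null out the child's opener from the parent, then write the content. The function name openDetached and its win parameter (the opener's window object, passed in so the function can be run against a stub) are assumptions made for this sketch.

```javascript
// Added example, not code from the original post.
// `win` is the opener's window object (hypothetical parameter); `html` is
// markup the caller controls.
function openDetached(win, html) {
  // With "noreferrer" or "noopener" in the features string, window.open
  // returns null, so neither is passed here. about:blank is not fetched
  // over the network, so no Referer header is sent when it is opened.
  const child = win.open("about:blank", "_blank");
  if (child === null || child === undefined) {
    return null; // popup blocked: nothing to write into
  }

  // Sever the back-reference BEFORE any markup is written, so script in
  // `html` never observes a non-null window.opener.
  child.opener = null;
  if (child.opener !== null) {
    child.close();
    throw new Error("could not clear opener on child window");
  }

  // The meta tag asks the browser to omit Referer on requests the child
  // document makes afterwards (images, links the user follows, ...).
  const doc = child.document;
  doc.open();
  doc.write(
    '<!doctype html><meta name="referrer" content="no-referrer">' + html
  );
  doc.close();

  // Caveat: the about:blank child shares the opener's origin, so script in
  // `html` runs with that origin. Only write trusted or sanitized markup.
  return child;
}
```

Clearing opener protects the parent only from content later loaded into the child; the parent keeps its own reference and can still write to or close the window.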
