Hacker News

It might break websites that provide features based on the referrer (e.g. a central authentication that redirects back to the original page).



I can't recall ever encountering a referer-based authorization scheme that included the path or querystring in its logic, although it seems likely some goofus has implemented it, somewhere.


I actually just finished implementing a very simple JWT single sign-on feature. We don't use the referer for the authentication/authorization. However, having the path/query in the referer does allow our partners to know what (if any) post-login redirect path/query to include in the JWT to provide end users a seamless re-authentication experience.

We could, of course, build the same functionality into our implementation without relying on having the path/query in the referer.


I have seen sites where the "Download this foobar" link only works when the referrer is the "Details of this foobar" page, where the download link is placed. If you sent a referrer of some other page on the site, e.g. the "list of all foobars" page, downloads would fail.


Considering that the referer is trivially spoofable, it's not a great idea to rely on it for anything, really.


So are cookies, but you wouldn't say that it's a bad idea to rely on them. Spoofing is only useful if you know the value you need to spoof.
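As an added example, not written by any commenter or taken from any site discussed in the thread, here is the download gate from the "Download this foobar" comment in two forms: the Referer check, which fails in both directions (it locks out users whose browser withholds or trims the Referer, and it accepts any request carrying the public page URL), and a per-session HMAC token, which is the kind of value the last comment has in mind when it says spoofing only helps if you know the value. Hostname, server key and session ids are constructed.

```python
import hmac
import hashlib

SITE = "https://example.test"            # constructed hostname
SERVER_KEY = b"constructed-server-secret"  # constructed; in practice loaded from config


def referer_gate(headers: dict, item_id: str) -> bool:
    """Weak gate: allow the download only if the request claims to come from
    the item's details page. The expected value is a public URL, so it is
    predictable, and a browser applying a strict referrer policy sends no
    Referer at all, which denies a legitimate user."""
    expected = f"{SITE}/foobar/{item_id}"
    return headers.get("Referer", "") == expected


def issue_token(session_id: str, item_id: str) -> str:
    """Token the server embeds in the details page's download link.
    Bound to both the session and the item, derived from a server-side key,
    so knowing the page URL alone does not yield it."""
    msg = f"{session_id}:{item_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def token_gate(session_id: str, item_id: str, token: str) -> bool:
    """Hardened gate: recompute and compare in constant time."""
    return hmac.compare_digest(issue_token(session_id, item_id), token)


def demo() -> dict:
    """Constructed requests showing where each gate gets the decision wrong."""
    item = "42"
    details_page = f"{SITE}/foobar/{item}"
    return {
        # legitimate user arriving from the details page
        "referer_ok": referer_gate({"Referer": details_page}, item),
        # legitimate user whose browser sends only the origin (trimmed Referer)
        "referer_trimmed_user_denied": not referer_gate({"Referer": SITE + "/"}, item),
        # legitimate user whose browser sends no Referer at all
        "referer_absent_user_denied": not referer_gate({}, item),
        # token issued for one session is useless for another session
        "token_other_session_rejected": not token_gate(
            "sess-2", item, issue_token("sess-1", item)
        ),
        "token_ok": token_gate("sess-1", item, issue_token("sess-1", item)),
    }
```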



