Unfortunately, this is going to depend on how the scribble doc is served as HTML (i.e. file://, http://, https://) and how the browser handles referrerPolicy. Scribble is not setting a <meta name="referrer" .../> tag so the referrer policy for the generated html will be whatever the browser determines it should be. Actually setting a referrer policy that will work for all schemes is particularly difficult for file:// schemes. Safari seems like it won't ever send a referrer for file:// scheme even when using "unsafe-url". If you are serving this from an http server, then "unsafe-url" works fine and many of the other non-strict referrerPolicy option should also work. From https should also allow for some of the strict options.
There are a couple of ways to set the referrer policy in HTML. First is to add a meta tag to the HTML and second is to add it directly to the iframe. There might be a way to do the first option via scribble, but I'm not sure without more research how to do that. The second option is probably more appropriate for a scribble-embedding fix and would be something along the lines of
diff --git a/main.rkt b/main.rkt
index 4da1b44..133cb3b 100644
--- a/main.rkt
+++ b/main.rkt
@@ -46,6 +46,7 @@
`(iframe [@ (src ,url)
(width ,(number->string width))
(height ,(number->string height))
+ (referrerpolicy "unsafe-url")
,@(if frame-border
`((frameborder ,(number->string frame-border)))
`())
Actual fix likely won't want to use "unsafe-url", see <iframe>: The Inline Frame element - HTML | MDN for options.