By adding referrerpolicy="no-referrer-when-downgrade" to your iframe, you ensure that Safari sends the necessary referrer header, allowing the domain-restricted API key to function correctly. This is not considered a bug on Google's part, but rather a browser-specific behavior that needs to be addressed for the API to work as intended.