diff --git a/src/aphront/response/AphrontResponse.php b/src/aphront/response/AphrontResponse.php
index 47ec2e465b..34cbd4081f 100644
--- a/src/aphront/response/AphrontResponse.php
+++ b/src/aphront/response/AphrontResponse.php
@@ -92,6 +92,8 @@ abstract class AphrontResponse extends Phobject {
       $headers[] = array('Content-Security-Policy', $csp);
     }
 
+    $headers[] = array('Referrer-Policy', 'no-referrer');
+
     return $headers;
   }
 
diff --git a/src/view/page/PhabricatorBarePageView.php b/src/view/page/PhabricatorBarePageView.php
index 12eabf11e4..afdc482170 100644
--- a/src/view/page/PhabricatorBarePageView.php
+++ b/src/view/page/PhabricatorBarePageView.php
@@ -119,7 +119,7 @@ class PhabricatorBarePageView extends AphrontPageView {
       'meta',
       array(
         'name' => 'referrer',
-        'content' => 'never',
+        'content' => 'no-referrer',
       ));
 
     $response = CelerityAPI::getStaticResourceResponse();