diff --git a/apiserver/apiserver/settings.py b/apiserver/apiserver/settings.py
index 2d5b6cf..4169aa8 100644
--- a/apiserver/apiserver/settings.py
+++ b/apiserver/apiserver/settings.py
@@ -53,6 +53,7 @@ if DEBUG:
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
+SECURE_REFERRER_POLICY = 'same-origin'
 # Application definition
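Review bot: The added `SECURE_REFERRER_POLICY = 'same-origin'` is only emitted as a `Referrer-Policy` header by `django.middleware.security.SecurityMiddleware`, and the `MIDDLEWARE` list is outside this hunk, so it is worth confirming that middleware is enabled. The setting exists from Django 3.0 and `'same-origin'` became the default in 3.1, so on an older Django the line is silently ignored and on a newer one it only pins the default. I would record that intent next to the line, for example `# Referer is sent on same-origin requests only; requires SecurityMiddleware (Django >= 3.0)`. If a reverse proxy in front of the app also sets `Referrer-Policy`, check which value actually reaches the browser.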