diff --git a/src/aphront/response/AphrontResponse.php b/src/aphront/response/AphrontResponse.php
--- a/src/aphront/response/AphrontResponse.php
+++ b/src/aphront/response/AphrontResponse.php
@@ -92,6 +92,8 @@
       $headers[] = array('Content-Security-Policy', $csp);
     }
 
+    $headers[] = array('Referrer-Policy', 'no-referrer');
+
     return $headers;
   }
 
diff --git a/src/view/page/PhabricatorBarePageView.php b/src/view/page/PhabricatorBarePageView.php
--- a/src/view/page/PhabricatorBarePageView.php
+++ b/src/view/page/PhabricatorBarePageView.php
@@ -119,7 +119,7 @@
       'meta',
       array(
         'name' => 'referrer',
-        'content' => 'never',
+        'content' => 'no-referrer',
       ));
 
     $response = CelerityAPI::getStaticResourceResponse();