diff --git a/bench/config/templates/nginx.conf b/bench/config/templates/nginx.conf
index 9df365f3..d5e5109e 100644
--- a/bench/config/templates/nginx.conf
+++ b/bench/config/templates/nginx.conf
@@ -49,6 +49,7 @@ server {
 	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 	add_header X-Content-Type-Options nosniff;
 	add_header X-XSS-Protection "1; mode=block";
+	add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
 
 	location /assets {
 		try_files $uri =404;