diff --git a/files/__main__.py b/files/__main__.py
index 8a4090b549..0d8cb36006 100644
--- a/files/__main__.py
+++ b/files/__main__.py
@@ -112,6 +112,7 @@ def before_request():
 def after_request(response):
 	response.headers.add("Strict-Transport-Security", "max-age=31536000")
 	response.headers.add("X-Frame-Options", "deny")
+	response.headers.add("Referrer-Policy", "same-origin")
 	if response.status_code < 400:
 		g.db.commit()
 		g.db.close()