diff --git a/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java b/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
index 08732a9d91..4aa8ab8e75 100644
--- a/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
+++ b/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
@@ -70,6 +70,9 @@ public Mono filter(ServerWebExchange ctx, WebFilterChain chain) {
 headers.add("Strict-Transport-Security", "max-age=300; includeSubDomains");
+ headers.add("Referrer-Policy",
+ "no-referrer");
+
 headers.remove("Server");
 headers.remove("X-Powered-By");
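Review bot: The added `headers.add("Referrer-Policy", "no-referrer")` appends a value rather than replacing one, so if another filter, handler or upstream component also sets Referrer-Policy the response carries several values and the browser, not this filter, decides which policy takes effect. Assuming `headers` is the response's Spring `HttpHeaders` (its declaration is outside the hunk), `headers.set("Referrer-Policy", "no-referrer");` would make the result deterministic. The same applies to the neighbouring Strict-Transport-Security line. The body of filter() starts and ends outside the hunk, so it cannot be confirmed from here that these headers are written before the response is committed. A short test asserting that exactly one `Referrer-Policy` value is returned would pin this down.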