diff --git a/findthatcharity/settings.py b/findthatcharity/settings.py
index 5f4e0b2..bf77237 100644
--- a/findthatcharity/settings.py
+++ b/findthatcharity/settings.py
@@ -257,6 +257,7 @@
 LOGGING_DB = os.environ.get("LOGGING_DB")
 
 CORS_ALLOW_ALL_ORIGINS = True
+SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
 
 IGNORE_DOMAINS = (
     "gmail.com",