diff --git a/src/Http/ServerRequest.php b/src/Http/ServerRequest.php
index be1be669a49..f7ebc8e573a 100644
--- a/src/Http/ServerRequest.php
+++ b/src/Http/ServerRequest.php
@@ -576,7 +576,7 @@ public function referer($local = false)
 if (!empty($ref) && !empty($base)) {
 if ($local && strpos($ref, $base) === 0) {
 $ref = substr($ref, strlen($base));
- if (!strlen($ref)) {
+ if (!strlen($ref) || strpos($ref, '//') === 0) {
 $ref = '/';
 }
 if ($ref[0] !== '/') {
diff --git a/tests/TestCase/Http/ServerRequestTest.php b/tests/TestCase/Http/ServerRequestTest.php
index 4ae2d31342b..075d36708b6 100644
--- a/tests/TestCase/Http/ServerRequestTest.php
+++ b/tests/TestCase/Http/ServerRequestTest.php
@@ -723,6 +723,9 @@ public function testReferer()
 $result = $request->referer();
 $this->assertSame('http://cakephp.org', $result);
 
+ $result = $request->referer(true);
+ $this->assertSame('/', $result);
+
 $request->env('HTTP_REFERER', '');
 $result = $request->referer();
 $this->assertSame('/', $result);
@@ -731,6 +734,10 @@ public function testReferer()
 $result = $request->referer(true);
 $this->assertSame('/some/path', $result);
 
+ $request->env('HTTP_REFERER', Configure::read('App.fullBaseUrl') . '///cakephp.org/');
+ $result = $request->referer(true);
+ $this->assertSame('/', $result); // Avoid returning scheme-relative URLs.
+
 $request->env('HTTP_REFERER', Configure::read('App.fullBaseUrl') . '/0');
 $result = $request->referer(true);
 $this->assertSame('/0', $result);
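Review bot: The new guard on the `+` line only rejects a stripped referer that begins with `//`; one that begins with `/\` passes it untouched, and browsers parse a leading `/\host` the same way as `//host`, so a redirect built from `referer(true)` could still point off-site. Extending the condition to `if (!strlen($ref) || strpos($ref, '//') === 0 || strpos($ref, '/\\') === 0) {` closes that variant with no change to the existing cases. Whether the `$ref[0] !== '/'` branch that follows can reintroduce a scheme-relative form cannot be judged here, since referer() continues outside the hunk. The matching test in ServerRequestTest.php would want a `'/\\cakephp.org/'` case alongside the `'///cakephp.org/'` one to pin the behaviour.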