diff --git a/config/settings.py b/config/settings.py
index 5235b26..1e26278 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -36,6 +36,9 @@
 # https://github.com/simonw/simonwillisonblog/issues/498
 SECURE_CROSS_ORIGIN_OPENER_POLICY = False
 
+# https://github.com/simonw/simonwillisonblog/issues/558
+SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
+
 # SESSION_COOKIE_DOMAIN
 if os.environ.get("SESSION_COOKIE_DOMAIN"):
     SESSION_COOKIE_DOMAIN = os.environ["SESSION_COOKIE_DOMAIN"]
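Review bot: The comment above `SECURE_REFERRER_POLICY` is only an issue link, so the settings file itself does not record why the policy is being relaxed. Django's built-in default for this setting is `same-origin` (Django 3.1 and later), which sends no Referer to other sites. The new value `strict-origin-when-cross-origin` sends the bare origin to cross-origin HTTPS destinations and nothing on an HTTPS-to-HTTP downgrade, so paths and query strings still stay private. I would add a line such as `# Send only the origin (never path or query) cross-origin; Django's default same-origin sends no Referer at all`. The header is emitted by `SecurityMiddleware`, which is not visible in this hunk, so it is worth confirming that it is listed in `MIDDLEWARE`.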