diff --git a/netlify.toml b/netlify.toml
index 542ef00b..dd4168b3 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -10,7 +10,7 @@
     X-XSS-Protection = "1; mode=block"
     Content-Security-Policy = "default-src 'self'; connect-src 'self' https://api.pwnedpasswords.com; img-src data: https:; script-src 'self' 'unsafe-inline'; style-src 'self'; worker-src 'self'; object-src 'none'"
     Permissions-Policy = "geolocation=(), camera=(), microphone=(), payment=(), usb=()"
-    Referrer-Policy = "no-referrer-when-downgrade"
+    Referrer-Policy = "strict-origin-when-cross-origin"
     Expect-CT = "enforce, max-age=3600"
 
 [[headers]]