diff --git a/default.conf b/default.conf
index adef20d..405fbf3 100644
--- a/default.conf
+++ b/default.conf
@@ -54,6 +54,7 @@ server {
     add_header Access-Control-Allow-Origin $http_origin always;
     add_header Access-Control-Allow-Credentials true always;
     add_header Access-Control-Allow-Headers content-type,authorization,sess always;
+    add_header Referrer-Policy unsafe-url always;
     add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE;
     proxy_set_header Referer $host;
     proxy_set_header Origin $http_referer;