diff --git a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
index 92e572b67b9d549b6b437ae47fa6b0b10da8f38a..b983bca9e51a2ab9ef686dad78ae3fd33a5792a4 100644
--- a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
+++ b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
@@ -388,6 +388,7 @@ public class I2PSnarkServlet extends BasicServlet {
         resp.setHeader("X-Frame-Options", "SAMEORIGIN");
         resp.setHeader("X-XSS-Protection", "1; mode=block");
         resp.setHeader("X-Content-Type-Options", "nosniff");
+        resp.setHeader("Referrer-Policy", "no-referrer");
     }
 
     private void writeMessages(PrintWriter out, boolean isConfigure, String peerString) throws IOException {
diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/localServer/LocalHTTPServer.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/localServer/LocalHTTPServer.java
index bd84ac9ee1eaca9f30637e5c40103ca52e7718b9..0aa2d1af2c6b96fab33e471cfb84b19ba3e986f4 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/localServer/LocalHTTPServer.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/localServer/LocalHTTPServer.java
@@ -196,6 +196,7 @@ public abstract class LocalHTTPServer {
             tbook = book;
         out.write(("HTTP/1.1 200 OK\r\n"+
                   "Content-Type: text/html; charset=UTF-8\r\n"+
+                  "Referrer-Policy: no-referrer\r\n"+
                   "Connection: close\r\n"+
                   "Proxy-Connection: close\r\n"+
                   "\r\n"+
diff --git a/apps/i2ptunnel/jsp/edit.jsp b/apps/i2ptunnel/jsp/edit.jsp
index 21fac1fc36b625c3f9618f44c93c15f8062f7dd8..c1030a5c7c93fada3177f9fc657ff85ad92454c6 100644
--- a/apps/i2ptunnel/jsp/edit.jsp
+++ b/apps/i2ptunnel/jsp/edit.jsp
@@ -6,6 +6,7 @@
     response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
     response.setHeader("X-Content-Type-Options", "nosniff");
+    response.setHeader("Referrer-Policy", "no-referrer");
 
 %><%@page pageEncoding="UTF-8"
 %><%@page trimDirectiveWhitespaces="true"
diff --git a/apps/i2ptunnel/jsp/index.jsp b/apps/i2ptunnel/jsp/index.jsp
index de7ca8f318a16efa04694412000285c3f0971029..f0faf2c9467fc18328e1f36b4a13b577632af5d0 100644
--- a/apps/i2ptunnel/jsp/index.jsp
+++ b/apps/i2ptunnel/jsp/index.jsp
@@ -9,6 +9,7 @@
     response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
     response.setHeader("X-Content-Type-Options", "nosniff");
+    response.setHeader("Referrer-Policy", "no-referrer");
 
 %><%@page pageEncoding="UTF-8"
 %><%@page trimDirectiveWhitespaces="true"
diff --git a/apps/i2ptunnel/jsp/wizard.jsp b/apps/i2ptunnel/jsp/wizard.jsp
index 1ce1c3190ddffd6f7d71e1b5c1be37aa8ddeee44..b8d7afae9462585fa1d01a6941443a55e6381c3d 100644
--- a/apps/i2ptunnel/jsp/wizard.jsp
+++ b/apps/i2ptunnel/jsp/wizard.jsp
@@ -9,6 +9,7 @@
     response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
     response.setHeader("X-Content-Type-Options", "nosniff");
+    response.setHeader("Referrer-Policy", "no-referrer");
 
 %><%@page pageEncoding="UTF-8"
 %><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean"
diff --git a/apps/routerconsole/jsp/css.jsi b/apps/routerconsole/jsp/css.jsi
index 2b8b370ebe1bea1b161d62ee12dd66ed1192cb73..3e68d362161571b9e5da261c52b899843a0cf01b 100644
--- a/apps/routerconsole/jsp/css.jsi
+++ b/apps/routerconsole/jsp/css.jsi
@@ -36,6 +36,10 @@
       response.setHeader("X-XSS-Protection", "1; mode=block");
       response.setHeader("X-Content-Type-Options", "nosniff");
    }
+   // https://www.w3.org/TR/referrer-policy/
+   // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+   // As of Chrome 56, Firefox 50, Opera 43. "same-origin" not widely supported.
+   response.setHeader("Referrer-Policy", "no-referrer");
 
    String conNonceParam = request.getParameter("consoleNonce");
    if (net.i2p.router.web.CSSHelper.getNonce().equals(conNonceParam)) {
diff --git a/apps/susidns/src/jsp/addressbook.jsp b/apps/susidns/src/jsp/addressbook.jsp
index 99c01a58300290aa81fd252ef3eb915b8ab452b9..a72382444a4a689f8f262c9a72ee6be6f29f17fb 100644
--- a/apps/susidns/src/jsp/addressbook.jsp
+++ b/apps/susidns/src/jsp/addressbook.jsp
@@ -31,6 +31,7 @@
     response.setHeader("Content-Security-Policy", "default-src 'self'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
     response.setHeader("X-Content-Type-Options", "nosniff");
+    response.setHeader("Referrer-Policy", "no-referrer");
 
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susidns/src/jsp/config.jsp b/apps/susidns/src/jsp/config.jsp
index ec3706d990c615de6fa8b31fc40f4e98e8476cdc..207f332bb17c6274bdc1ee742b6929d473be9407 100644
--- a/apps/susidns/src/jsp/config.jsp
+++ b/apps/susidns/src/jsp/config.jsp
@@ -31,6 +31,7 @@
     response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
     response.setHeader("X-Content-Type-Options", "nosniff");
+    response.setHeader("Referrer-Policy", "no-referrer");
 
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susidns/src/jsp/details.jsp b/apps/susidns/src/jsp/details.jsp
index 773c4cd6fcb2fd1578690e0fd27ca8da529ff204..d463ea599dc15965bdff8d3809d887f07b11c2d7 100644
--- a/apps/susidns/src/jsp/details.jsp
+++ b/apps/susidns/src/jsp/details.jsp
@@ -28,6 +28,7 @@
     response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
     response.setHeader("X-Content-Type-Options", "nosniff");
+    response.setHeader("Referrer-Policy", "no-referrer");
 
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susidns/src/jsp/index.jsp b/apps/susidns/src/jsp/index.jsp
index 75851cd58b4202ac4f8adf20d826697c1f5e9d31..fa2e3a30a93f34f02a7ca4a4b51f57bf2daf7b8c 100644
--- a/apps/susidns/src/jsp/index.jsp
+++ b/apps/susidns/src/jsp/index.jsp
@@ -31,6 +31,7 @@
     response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
     response.setHeader("X-Content-Type-Options", "nosniff");
+    response.setHeader("Referrer-Policy", "no-referrer");
 
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susidns/src/jsp/subscriptions.jsp b/apps/susidns/src/jsp/subscriptions.jsp
index 8f6ee398e0542aa579a210fba63fa2d5ebff077b..d44212db522359db9192ee6a637b1790872aad6c 100644
--- a/apps/susidns/src/jsp/subscriptions.jsp
+++ b/apps/susidns/src/jsp/subscriptions.jsp
@@ -31,6 +31,7 @@
     response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
     response.setHeader("X-Content-Type-Options", "nosniff");
+    response.setHeader("Referrer-Policy", "no-referrer");
 
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
index c9e5198d98297b2e0a90f677a603d0a3b60d0e40..95f633282e1c14d95cf1836bb2220e86cd4f972c 100644
--- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
+++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@@ -1637,6 +1637,7 @@ public class WebMail extends HttpServlet
                 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
                 response.setHeader("X-XSS-Protection", "1; mode=block");
 		response.setHeader("X-Content-Type-Options", "nosniff");
+		response.setHeader("Referrer-Policy", "no-referrer");
 		RequestWrapper request = new RequestWrapper( httpRequest );
 		
 		SessionObject sessionObject = null;
diff --git a/installer/resources/proxy/ahelper-conflict-header.ht b/installer/resources/proxy/ahelper-conflict-header.ht
index 02dbac2ae2ab8aaa329239760c867014ee991328..ea255aa4b2a8fd3a8983aa3a4823b370fc7639ad 100644
--- a/installer/resources/proxy/ahelper-conflict-header.ht
+++ b/installer/resources/proxy/ahelper-conflict-header.ht
@@ -1,5 +1,6 @@
 HTTP/1.1 409 Conflict
 Content-Type: text/html; charset=UTF-8
+Referrer-Policy: no-referrer
 Cache-control: no-cache
 Connection: close
 Proxy-Connection: close
diff --git a/installer/resources/proxy/ahelper-new-header.ht b/installer/resources/proxy/ahelper-new-header.ht
index 2ae585327b2df9b453e73c9de55c2fafbb78efe8..c21bd7892470339f7b555968d12561d8a0e9ef49 100644
--- a/installer/resources/proxy/ahelper-new-header.ht
+++ b/installer/resources/proxy/ahelper-new-header.ht
@@ -1,5 +1,6 @@
 HTTP/1.1 409 New Address
 Content-Type: text/html; charset=UTF-8
+Referrer-Policy: no-referrer
 Cache-control: no-cache
 Connection: close
 Proxy-Connection: close
diff --git a/installer/resources/proxy/dnfh-header.ht b/installer/resources/proxy/dnfh-header.ht
index 3fbfe070f019824740acb4848736c3ca2a4be9c4..b03ecbc5033c282ffe95dfdca738e635416ba789 100644
--- a/installer/resources/proxy/dnfh-header.ht
+++ b/installer/resources/proxy/dnfh-header.ht
@@ -1,5 +1,6 @@
 HTTP/1.1 500 Domain Not Found
 Content-Type: text/html; charset=UTF-8
+Referrer-Policy: no-referrer
 Cache-control: no-cache
 Connection: close
 Proxy-Connection: close