diff --git a/app/inithttp.go b/app/inithttp.go
index c25a214782..664fd19851 100644
--- a/app/inithttp.go
+++ b/app/inithttp.go
@@ -42,6 +42,13 @@ func (app *App) initHTTP(ctx context.Context) error {
 		// add app config to request context
 		func(next http.Handler) http.Handler { return config.Handler(next, app.ConfigStore) },
 
+		func(next http.Handler) http.Handler {
+			return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+				w.Header().Set("Referrer-Policy", "same-origin")
+				next.ServeHTTP(w, req)
+			})
+		},
+
 		// request cooldown tracking (for graceful shutdown)
 		func(next http.Handler) http.Handler {
 			return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
diff --git a/graphql2/graphqlapp/playground.go b/graphql2/graphqlapp/playground.go
index 0ee4ec3090..6be21adbe1 100644
--- a/graphql2/graphqlapp/playground.go
+++ b/graphql2/graphqlapp/playground.go
@@ -2,7 +2,7 @@ package graphqlapp
 
 import "html/template"
 
-const playVersion = "1.7.11"
+const playVersion = "1.7.20"
 
 const playHTML = `
 <!DOCTYPE html>