diff --git a/middleware/helmet.js b/middleware/helmet.js
index 2c456dc05a..c613cd0f9b 100644
--- a/middleware/helmet.js
+++ b/middleware/helmet.js
@@ -17,7 +17,7 @@ const DEFAULT_OPTIONS = {
 crossOriginResourcePolicy: true,
 crossOriginEmbedderPolicy: false, // doesn't work with youtube
 referrerPolicy: {
- policy: 'strict-origin-when-cross-origin',
+ policy: 'no-referrer-when-downgrade', // See docs-engineering #2426
 },
 // This module defines a Content Security Policy (CSP) to disallow
 // inline scripts and content from untrusted sources.
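Review bot: The new `policy: 'no-referrer-when-downgrade'` under `referrerPolicy` sends the full URL, path and query string included, in the Referer header on cross-origin HTTPS requests, where the previous value sent only the origin. Because this sits in `DEFAULT_OPTIONS`, it presumably applies to every route, so any page whose URL carries a token, search term or other sensitive parameter would now disclose it to third-party hosts. The trailing comment only cites an issue number; it should state the reason and the trade-off, for example `// Full-URL referrer required for <reason>; exposes path+query to cross-origin HTTPS. See docs-engineering #2426`. If only some routes need the full referrer, keeping the stricter default and overriding per route would limit the exposure. The `DEFAULT_OPTIONS` object starts and ends outside the hunk, so whether such an override mechanism exists cannot be confirmed from here.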