diff --git a/h5bp/basic.conf b/h5bp/basic.conf
index 24bd863..b8bd24a 100644
--- a/h5bp/basic.conf
+++ b/h5bp/basic.conf
@@ -3,6 +3,7 @@
 include h5bp/internet_explorer/x-ua-compatible.conf;
 include h5bp/security/content-security-policy.conf;
+include h5bp/security/referrer-policy.conf.conf;
 include h5bp/security/x-content-type-options.conf;
 include h5bp/security/x-frame-options.conf;
 include h5bp/security/x-xss-protection.conf;
diff --git a/h5bp/security/referrer-policy.conf b/h5bp/security/referrer-policy.conf
index 58136e8..3b85f5c 100644
--- a/h5bp/security/referrer-policy.conf
+++ b/h5bp/security/referrer-policy.conf
@@ -15,4 +15,4 @@
 # https://scotthelme.co.uk/a-new-security-header-referrer-policy/
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
-add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Referrer-Policy $referrer_policy always;
diff --git a/nginx.conf b/nginx.conf
index 3ea3dd4..3655b8c 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -115,6 +115,12 @@ http {
 text/html "script-src 'self'; object-src 'self'";
 }
+ # Add Referrer-Policy for HTML documents.
+ # h5bp/security/referrer-policy.conf.conf
+ map $sent_http_content_type $referrer_policy { text/html "no-referrer-when-downgrade"; } + # Add X-UA-Compatible for HTML documents.
 # h5bp/internet_explorer/x-ua-compatible.conf
 map $sent_http_content_type $x_ua_compatible {
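Review bot: The added include path `h5bp/security/referrer-policy.conf.conf` carries a duplicated `.conf` suffix; the file this same commit modifies is `h5bp/security/referrer-policy.conf`, so the include names a file that does not exist and nginx will refuse to load the configuration (`nginx -t` reports an open() failure on the missing include) rather than silently omit the header. Change the line to `include h5bp/security/referrer-policy.conf;`. Until that is fixed no server that pulls in basic.conf will start, so a `nginx -t` run in CI before merge would have caught it.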
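Review bot: The new `add_header Referrer-Policy $referrer_policy always;` makes this file depend on a `$referrer_policy` variable that nothing in the file defines; it only works when the `map` this commit adds to nginx.conf is present in the enclosing `http` block, and a configuration that includes this file without that map fails at load with an unknown-variable error. Because nginx omits an `add_header` whose value expands to the empty string, any response whose Content-Type is not listed in the map carries no Referrer-Policy at all, which is presumably the intended HTML-only behaviour but is invisible from this file. I would state that above the directive: `# $referrer_policy is set by a map on $sent_http_content_type in nginx.conf (http block); an unmapped content type expands to an empty value and nginx then sends no header at all.`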
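Review bot: The comment on the second added line names `h5bp/security/referrer-policy.conf.conf`, but the file that consumes `$referrer_policy` is `h5bp/security/referrer-policy.conf` (edited in this same commit), so the cross-reference should read `# h5bp/security/referrer-policy.conf`. Separately, a bare `text/html` key in an nginx `map` is an exact string match; if `$sent_http_content_type` ever carries a parameter (for example `text/html; charset=utf-8` when a `charset` directive is in effect), the map yields an empty value and the Referrer-Policy header is silently dropped. The neighbouring Content-Security-Policy map uses the same literal key, so this may be deliberate; if it is not, a case-insensitive prefix match such as `~*^text/html "no-referrer-when-downgrade";` covers both forms, and the sibling maps would want the same treatment.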