diff --git a/app/views/users/password_reset.html.erb b/app/views/users/password_reset.html.erb
index 24364acffc5..61a61feb645 100644
--- a/app/views/users/password_reset.html.erb
+++ b/app/views/users/password_reset.html.erb
@@ -49,6 +49,7 @@
 </div>
 
 <%- content_for(:no_ember_head) do %>
+  <meta name="referrer" content="never">
   <%= script "ember_jquery" %>
   <%= render_google_universal_analytics_code %>
 <%- end %>
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 95a8f2e5737..6d606493193 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -237,6 +237,18 @@ describe UsersController do
     end
 
     context 'valid token' do
+      context 'when rendered' do
+        render_views
+
+        it 'renders referrer never on get requests' do
+          user = Fabricate(:user, auth_token: SecureRandom.hex(16))
+          token = user.email_tokens.create(email: user.email).token
+          get :password_reset, token: token
+
+          expect(response.body).to include('<meta name="referrer" content="never">')
+        end
+      end
+
       it 'returns success' do
         user = Fabricate(:user, auth_token: SecureRandom.hex(16))
         token = user.email_tokens.create(email: user.email).token