Change referrer policy to be controlled by header in web UI (#33214)

app/controllers/admin/base_controller.rb

@@ -8,6 +8,7 @@ module Admin
     layout 'admin'
 
     before_action :set_cache_headers
+    before_action :set_referrer_policy_header
 
     after_action :verify_authorized
 
@@ -17,6 +18,10 @@ module Admin
       response.cache_control.replace(private: true, no_store: true)
     end
 
+    def set_referrer_policy_header
+      response.headers['Referrer-Policy'] = 'same-origin'
+    end
+
     def set_user
       @user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
     end