diff --git a/config/_default/server.toml b/config/_default/server.toml
index 5fd5f6b54..5c7c6ac07 100644
--- a/config/_default/server.toml
+++ b/config/_default/server.toml
@@ -81,6 +81,16 @@ for = "/:lang/repository"
 # Cf https://github.com/letsencrypt/website/pull/976
 Referrer-Policy = "strict-origin"
 
+[[headers]]
+for = "/2017/10/17/acme-support-in-apache-httpd"
+[headers.values]
+Referrer-Policy = "strict-origin-when-cross-origin"
+
+[[headers]]
+for = "/2017/10/17/acme-support-in-apache-httpd/"
+[headers.values]
+Referrer-Policy = "strict-origin-when-cross-origin"
+
 [[headers]]
 for = "/certs/*.pem"
 [headers.values]
diff --git a/content/en/post/2017-10-17-acme-support-in-apache-httpd.markdown b/content/en/post/2017-10-17-acme-support-in-apache-httpd.markdown
index c08391412..409f715de 100644
--- a/content/en/post/2017-10-17-acme-support-in-apache-httpd.markdown
+++ b/content/en/post/2017-10-17-acme-support-in-apache-httpd.markdown
@@ -15,7 +15,7 @@ ACME support being built in to one of the world’s most popular Web servers, Ap
 
 The Apache httpd ACME module is called mod_md. It’s currently in the [development version of httpd](https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/) and a plan is being formulated to backport it to an httpd 2.4.x stable release. The mod_md code is also [available on GitHub](https://github.com/icing/mod_md).
 
-<div style="text-align: center;"><iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/gNJUpzNNWMw?rel=0" style="border: none;" allowfullscreen></iframe></div>
+<div style="text-align: center;"><iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/gNJUpzNNWMw?rel=0" style="border: none;" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe></div>
 
 It’s also worth mentioning that the development version of Apache httpd now includes support for an [SSLPolicy directive](https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslpolicy). Properly configuring TLS has traditionally involved making a large number of complex choices. With the SSLPolicy directive, admins simply select a modern, intermediate, or old TLS configuration, and sensible choices will be made for them.
 
diff --git a/netlify.toml b/netlify.toml
index 08bfc6250..9915cc8be 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -99,6 +99,16 @@ for = "/:lang/repository"
 # Cf https://github.com/letsencrypt/website/pull/976
 Referrer-Policy = "strict-origin"
 
+[[headers]]
+for = "/2017/10/17/acme-support-in-apache-httpd"
+[headers.values]
+Referrer-Policy = "strict-origin-when-cross-origin"
+
+[[headers]]
+for = "/2017/10/17/acme-support-in-apache-httpd/"
+[headers.values]
+Referrer-Policy = "strict-origin-when-cross-origin"
+
 [[headers]]
 for = "/certs/*.pem"
 [headers.values]