diff --git a/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java b/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java
index 8c011f89f..83a858929 100644
--- a/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java
+++ b/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java
@@ -1,7 +1,6 @@
 package run.halo.app.config;
 import static org.springframework.security.config.Customizer.withDefaults;
-import static org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN;
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
 import java.util.Set;
@@ -96,7 +95,8 @@ public class WebServerSecurityConfig {
 spec.disable();
 }
 })
- .referrerPolicy().policy(STRICT_ORIGIN_WHEN_CROSS_ORIGIN).and()
+ .referrerPolicy(
+ spec -> spec.policy(haloProperties.getSecurity().getReferrerOptions().getPolicy()))
 .cache().disable().and()
 .anonymous(spec -> spec.authenticationFilter(
 new HaloAnonymousAuthenticationWebFilter("portal", AnonymousUserConst.PRINCIPAL,
diff --git a/application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java b/application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java
index 78ed4ae71..f64fad93a 100644
--- a/application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java
+++ b/application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java
@@ -1,6 +1,9 @@
 package run.halo.app.infra.properties;
+import static org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN;
+
 import lombok.Data;
+import org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy;
 import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode;
 @Data
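Review bot: In the second WebServerSecurityConfig hunk the configured value reaches `spec.policy(...)` with no null check, so a blank property would most likely fail while the security chain is being built, with a generic assertion message that does not name the setting (how binding treats an empty value is not visible here, so this is inferred). I would resolve it with an explicit message, `spec -> spec.policy(Objects.requireNonNull(haloProperties.getSecurity().getReferrerOptions().getPolicy(), "security.referrerOptions.policy must not be null"))`, which needs `java.util.Objects` next to the existing `java.util.Set` import. The method that builds this chain starts and ends outside the hunk.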
@@ -10,6 +13,8 @@ public class SecurityProperties {
 private final FrameOptions frameOptions = new FrameOptions();
+ private final ReferrerOptions referrerOptions = new ReferrerOptions();
+
 @Data
 public static class FrameOptions {
@@ -18,6 +23,13 @@ public class SecurityProperties {
 private Mode mode = Mode.SAMEORIGIN;
 }
+ @Data
+ public static class ReferrerOptions {
+
+ private ReferrerPolicy policy = STRICT_ORIGIN_WHEN_CROSS_ORIGIN;
+
+ }
+
 @Data
 public static class Initializer {
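Review bot: The new `ReferrerOptions.policy` field has no Javadoc, although it turns a previously fixed response header into an operator setting that can be weakened. Values such as `UNSAFE_URL` or `NO_REFERRER_WHEN_DOWNGRADE` send the full URL, path and query string included, to other origins, which matters for any page whose address carries identifiers or tokens. I would document the field with something like `/** Referrer-Policy header value; defaults to STRICT_ORIGIN_WHEN_CROSS_ORIGIN. Weaker values expose full URLs to third-party sites. */`. A one-line comment on the `referrerOptions` field added in the preceding hunk would keep the two consistent.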