diff --git a/.gitignore b/.gitignore index cbc1be6a1..6b736ff00 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,9 @@ # Ensure node files do not appear +.idea +vscode package-lock.json package.json yarn.lock node_modules php-versions.yml -*.tmp \ No newline at end of file +*.tmp diff --git a/src/variations/fpm-apache/etc/apache2/conf-available/security.conf b/src/variations/fpm-apache/etc/apache2/conf-available/security.conf index 43957f476..c1b5ed798 100644 --- a/src/variations/fpm-apache/etc/apache2/conf-available/security.conf +++ b/src/variations/fpm-apache/etc/apache2/conf-available/security.conf @@ -84,15 +84,15 @@ Header always set X-Frame-Options: "sameorigin" # # Referrer policy # -Header always set Referrer-Policy "no-referrer-when-downgrade" +Header always set Referrer-Policy "strict-origin-when-cross-origin" # # Content Security Policy # UPDATE - September 2020: Commenting this out until we grasp better security requirements -# +# #Header always set Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" # # Strict-Transport-Security Policy (set HSTS) # -Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" \ No newline at end of file +Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains";
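Review bot: in the .gitignore hunk, `+vscode` looks like a typo for `.vscode`; the VS Code workspace directory is named `.vscode`, so the pattern as written will not ignore it, while the sibling `+.idea` line does carry its leading dot. Suggest `+.vscode`. The trailing `+*.tmp` line correctly restores the missing newline at end of file.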
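Review bot: in the security.conf hunk, the trailing `;` in `+Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains";` sits outside the quoted value. Apache directives are not terminated with semicolons, so the stray character becomes an extra argument to `Header` rather than part of the header value, and mod_headers will reject or misinterpret the line; run `apachectl configtest` before merging. Suggest dropping it so the line ends at the closing quote (keeping the newline fix). The Referrer-Policy change to `strict-origin-when-cross-origin` is a sensible tightening, and the `-#` / `+#` pair is a whitespace-only change that could be left out to keep the diff focused.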