Adopt an "Origin When Cross-Origin" policy via the Meta Referrer tag, per https://meta.wikimedia.org/wiki/Research:Wikimedia_referrer_policy
See public discussion on Meta:
https://meta.wikimedia.org/wiki/Research_talk:Wikimedia_referrer_policy
I am creating this task to keep track of any patch, should we end up implementing this or a similar proposal.
Recommendation from privacy/security review: use an Origin When Cross-Origin policy.