diff --git a/lib/application.js b/lib/application.js
index 1abe8d08f5..f8fef085ea 100644
--- a/lib/application.js
+++ b/lib/application.js
@@ -72,6 +72,7 @@ app.defaultConfiguration = function defaultConfiguration() {
 
   // default settings
   this.enable('x-powered-by');
+  this.enable('location back-referrer');
   this.set('etag', 'weak');
   this.set('env', env);
   this.set('query parser', 'extended');
diff --git a/lib/response.js b/lib/response.js
index 6aefe1b178..7a7a879a39 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -834,7 +834,7 @@ res.location = function location(url) {
   var loc = url;
 
   // "back" is an alias for the referrer
-  if (url === 'back') {
+  if (url === 'back' && this.app.enabled('location back-referrer')) {
     loc = this.req.get('Referrer') || '/';
   }
 
diff --git a/test/res.location.js b/test/res.location.js
index c0bfbe8c8e..c5dde37110 100644
--- a/test/res.location.js
+++ b/test/res.location.js
@@ -99,6 +99,21 @@ describe('res', function(){
         .expect('Location', '/')
         .expect(200, done)
       })
+
+      it('should set the header to "back" on back', function (done) {
+        var app = express()
+
+        app.disable("location back-referrer")
+
+        app.use(function (req, res) {
+          res.location('back').end()
+        })
+
+        request(app)
+        .get('/')
+        .expect('Location', 'back')
+        .expect(200, done)
+      })
     })
   })
 })