diff --git a/src/pretix/base/templates/pretixbase/redirect.html b/src/pretix/base/templates/pretixbase/redirect.html
new file mode 100644
index 0000000000..6c8404b4dd
--- /dev/null
+++ b/src/pretix/base/templates/pretixbase/redirect.html
@@ -0,0 +1,26 @@
+{% extends "error.html" %}
+{% load i18n %}
+{% load rich_text %}
+{% load static %}
+{% block title %}{% trans "Redirect" %}{% endblock %}
+{% block content %}
+
+

{% trans "Redirect" %}

+

+ {% blocktrans trimmed with host=""|add:hostname|add:""|safe %} + The link you clicked on wants to redirect you to a destination on the website {{ host }}. + {% endblocktrans %} + {% blocktrans trimmed %} + Please only proceed if you trust this website to be safe. + {% endblocktrans %} +

+

+ + {% blocktrans trimmed with host=hostname %} + Proceed to {{ host }} + {% endblocktrans %} + +

+
+{% endblock %}
diff --git a/src/pretix/base/views/redirect.py b/src/pretix/base/views/redirect.py
index fb977abb90..519b20b7af 100644
--- a/src/pretix/base/views/redirect.py
+++ b/src/pretix/base/views/redirect.py
@@ -24,6 +24,21 @@ import urllib.parse
 from django.core import signing
 from django.http import HttpResponseBadRequest, HttpResponseRedirect
 from django.urls import reverse
+from django.shortcuts import render
+
+
+def _is_samesite_referer(request):
+    referer = request.META.get('HTTP_REFERER')
+    if referer is None:
+        return False
+
+    referer = urllib.parse.urlparse(referer)
+
+    # Make sure we have a valid URL for Referer.
+    if '' in (referer.scheme, referer.netloc):
+        return False
+
+    return (referer.scheme, referer.netloc) == (request.scheme, request.get_host())
 
 
 def redir_view(request):
@@ -32,6 +47,14 @@ def redir_view(request):
         url = signer.unsign(request.GET.get('url', ''))
     except signing.BadSignature:
         return HttpResponseBadRequest('Invalid parameter')
+
+    if not _is_samesite_referer(request):
+        u = urllib.parse.urlparse(url)
+        return render(request, 'pretixbase/redirect.html', {
+            'hostname': u.hostname,
+            'url': url,
+        })
+
     r = HttpResponseRedirect(url)
     r['X-Robots-Tag'] = 'noindex'
     return r
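Review bot: The `host` value in the first `blocktrans` is built with `|add:hostname` and then marked `|safe`, so the hostname is rendered with autoescaping switched off; the markup literals around it are not legible in this rendering, so I cannot confirm what they wrap it in. `hostname` is taken from a signed URL in `redir_view`, so it is not directly attacker-controlled today, but `|safe` on a value that embeds data is fragile if the signing flow or the sources of signed URLs ever change. The second `blocktrans` already passes `host=hostname` without `|safe`; doing the same in the first one and putting the tags inside the translatable text around `{{ host }}` keeps the data escaped and only the literal markup trusted.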
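Review bot: `_is_samesite_referer` has no docstring, and its fail-closed behaviour — a missing Referer, or one whose scheme or netloc parses to empty, is treated as cross-site — is exactly what a later reader needs before "fixing" it; a docstring such as `"""Return True only when the Referer header parses to the same scheme and host as this request; an absent or malformed Referer counts as cross-site."""` would capture that. The final `return` is an exact string comparison against `request.get_host()`, so a Referer carrying an explicit default port or different host case also fails closed, which is the conservative direction but worth a one-line comment so nobody relaxes it casually, e.g. `# Exact match on purpose: any mismatch means "show the interstitial", never "skip it".` Behind a TLS-terminating proxy `request.scheme` is only `https` when the deployment's proxy-SSL setting is configured, so a misconfiguration there would make every visitor see the interstitial rather than bypass it — presumably acceptable, but worth confirming against the deployment.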
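Review bot: The interstitial response returned by `render(...)` does not carry the `X-Robots-Tag: noindex` header that the `HttpResponseRedirect` a few lines below sets, so a crawler that follows a signed link gets an indexable page naming the destination; bind the rendered response and set the header before returning, `r = render(request, 'pretixbase/redirect.html', {...})` then `r['X-Robots-Tag'] = 'noindex'` then `return r`. Separately, if a signed `url` can ever be path-only, `urllib.parse.urlparse(url).hostname` is `None` and the template would print the literal "None"; a path-only target is same-origin anyway, so `u = urllib.parse.urlparse(url)` followed by `if u.netloc and not _is_samesite_referer(request):` skips the interstitial in that case — whether callers ever sign relative URLs is not visible here. `redir_view` starts outside the hunk.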