diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index bbca0d8..c4215cd 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -623,6 +623,18 @@ function file_file_download($uri) {
     return;
   }
 
+  // Find out which (if any) fields of this type contain the file.
+  $references = file_get_file_references($file, NULL, EntityStorageInterface::FIELD_LOAD_CURRENT, NULL);
+
+  // Stop processing if there are no references in order to avoid returning
+  // headers for files controlled by other modules. Make an exception for
+  // temporary files where the host entity has not yet been saved (for example,
+  // an image preview on a node/add form) in which case, allow download by the
+  // file's owner.
+  if (empty($references) && ($file->isPermanent() || $file->getOwnerId() != \Drupal::currentUser()->id())) {
+    return;
+  }
+
   if (!$file->access('view')) {
     return -1;
   }