How do I hide referrer info to linked external sites

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Purpose

Most web servers maintain logs of all traffic, and record the HTTP referrer sent by the web browser for each request. This raises a number of privacy concerns, and as a result, a number of systems to prevent web servers being sent the real referring URL have been developed. These systems work either by blanking the referrer field or by replacing it with inaccurate data. This system is often called Referrer Hiding.

Confluence users may wish to anonymize external links that exists in their Confluence pages to make sure that the external Websites owners will not be able to see that their sites are being linked in their Confluence page.

This is a difficult problem to solve due to the state of web browsers, and is not something that can be toggled in Confluence itself, but has to rely on the standards of the web to address.

A feature request for this has been closed as 'Won't Fix':  CONF-4085 - Getting issue details... STATUS

Solution

Please note that all the workaround stated in this page are beyond Atlassian Support Offerings.

  1. Using HTTPS regardless of how it impacts referrer data for general security. However, it will *not* hide the referrer when the link points to another HTTPS site.
  2. Add the rel=noreferrer attribute to all your link elements. Use the following Javascript to do this:

    function hideRefer(e) {
    var a = e.target;
    if (a && a.tagName !== 'A') a = a.parentNode;
    if (a && a.tagName === 'A') {
    a.rel = 'noreferrer';
    }
    }
    window.addEventListener('mousedown', hideRefer, true);
    window.addEventListener('keydown', hideRefer, true);
  3.  Modify headers by using proxy. We recommend mod_proxy for Confluence

    1. Using Apache with mod_proxy

  4. Use RequestHeader Directive to 'unset' the referrer header with mod_proxy

    1. http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader

  5. Go to Confluence Admin > Custom HTML and add the following to At end of the HEAD:
    <meta name="referrer" content="no-referrer"/>


Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.