How to hide HTTP referrers from issues to external websites

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server, Data Center, and Cloud By Request - This article was written for the Atlassian server and data center platforms but may also be useful for Atlassian Cloud customers. If completing instructions in this article would help you, please contact Atlassian Support and mention it.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Purpose

Most web servers maintain logs of all traffic, and record the HTTP referrer sent by the web browser for each request. This raises a number of privacy concerns, and as a result, a number of systems have been developed to prevent web servers sending the real referring URL. These systems work either by blanking the referrer field or by replacing it with inaccurate data. This system is often called Referrer Hiding.

JIRA users may want to to disable the HTTP referrer for links to external websites that are included in the description of issues created in their JIRA application. 

Solution

Please note that all the workaround stated in this page are beyond Atlassian Support Offerings.

This can be accomplished by adding the content="no-referrer" attribute to the Announcement Banner:

  1. Choose  > System
  2. Select User Interface > Announcement banner in the System panel below.
  3. Enter the following  text in the Announcement field and at end of the HEAD element:

    <meta name="referrer" content="no-referrer" >
  4. Click the Set Banner button.

Alternate Solution

There have been reports that the above solution may not suppress the referrer in all cases. Should it prove insufficient in your own testing, here's a Javascript alternative to hide the links:

Improper addition of Javascript to the Announcement banner may prevent Jira's UI from loading properly. If you encounter this situation, follow the steps from Remove the Jira server announcement banner through the database to manually remove the announcement banner to restore functionality.


  1. Choose  > System
  2. Select User Interface > Announcement banner in the System panel below.
  3. Enter the following  text in the Announcement field (substitute your Jira base URL):

    <script type = "text/javascript">
      document.addEventListener('DOMContentLoaded', event => {
        document.querySelectorAll('a[href^="http"]:not([href*="JIRA_BASE_URL"])').forEach(anchor => anchor.setAttribute('rel','noreferrer')); 
      });
    </script>



Last modified on Oct 12, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.