Currently when external links are entered into Confluence pages, the link points directly to the linked page. This allows the linked site to harvest internal addresses (potentially containing page titles) of a private Confluence instance by logging the browser referrer header.

Confluence should have an option to enable "safe external links". This should include two features: allow the administrator to specify a list of "safe sites" (such as all internal servers) where linking can be direct. Then, if safe linking is enabled, Confluence would link to any pages which aren't on the safe list through an redirect page which would clear the browser referrer.