Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-58741

Hide referrer info to linked external sites

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Currently when external links are entered into Confluence pages, the link points directly to the linked page. This allows the linked site to harvest internal addresses (potentially containing page titles) of a private Confluence instance by logging the browser referrer header.

      Confluence should have an option to enable "safe external links". This should include two features: allow the administrator to specify a list of "safe sites" (such as all internal servers) where linking can be direct. Then, if safe linking is enabled, Confluence would link to any pages which aren't on the safe list through an redirect page which would clear the browser referrer.

      From: https://confluence.atlassian.com/confkb/how-do-i-hide-referrer-info-to-linked-external-sites-779293508.html/:
      Confluence users may wish to anonymise external links that exists in their Confluence pages to make sure that the external Websites owners will not be able to see that their sites are being linked in their Confluence page.

            [CONFCLOUD-58741] Hide referrer info to linked external sites

            Jonathan Woytek added a comment - - edited

            Consider this an upvote, especially since the workaround for Confluence Cloud does not appear to be avaialble anymore.

            It would be great if there was a way to disable referrer headers both in Confluence and Jira Cloud editions.

            Jonathan Woytek added a comment - - edited Consider this an upvote, especially since the workaround for Confluence Cloud does not appear to be avaialble anymore. It would be great if there was a way to disable referrer headers both in Confluence and Jira Cloud editions.

            Jake added a comment -

            Is the workaround provided by Axel Heider still possible? I could not find the options mentioned.

            Jake added a comment - Is the workaround provided by Axel Heider still possible? I could not find the options mentioned.

            Matthew Hunter added a comment -
            Atlassian Update - June 2, 2021

            Hi everyone,

            Thank you for bringing this suggestion to our attention.

            As explained in our new feature policy, there are many factors that influence our product roadmaps and determine the features we implement. When making decisions about what to prioritize and work on, we combine your feedback and suggestions with insights from our support teams, product analytics, research findings, and more. This information, combined with our medium- and long-term product and platform vision, determines what we implement and its priority order.

            Unfortunately, as a result of inactivity (no votes or comments for an extended period of time), this suggestion didn’t make it to the roadmap and we are closing it.

            While this issue has been closed, our Product Managers continue to look at requests in https://jira.atlassian.com as they develop their roadmap, including closed ones. In addition, if you feel like this suggestion is still important to your team please let us know by commenting on this ticket.

            Thank you again for providing valuable feedback to our team!

            Matthew Hunter added a comment - Atlassian Update - June 2, 2021 Hi everyone, Thank you for bringing this suggestion to our attention. As explained in our new feature policy , there are many factors that influence our product roadmaps and determine the features we implement. When making decisions about what to prioritize and work on, we combine your feedback and suggestions with insights from our support teams, product analytics, research findings, and more. This information, combined with our medium- and long-term product and platform vision, determines what we implement and its priority order. Unfortunately, as a result of inactivity (no votes or comments for an extended period of time), this suggestion didn’t make it to the roadmap and we are closing it. While this issue has been closed, our Product Managers continue to look at requests in https://jira.atlassian.com as they develop their roadmap, including closed ones. In addition, if you feel like this suggestion is still important to your team please let us know by commenting on this ticket. Thank you again for providing valuable feedback to our team!

            Axel Heider added a comment -

            Simply add "<meta name="referrer" content="no-referrer" />" into each page via Conflucence config -> "Custom HTML" -> "At end of the HEAD". See https://stackoverflow.com/questions/6817595/remove-http-referer and https://w3c.github.io/webappsec-referrer-policy for the background and other options besides "no-referrer".

             

            Axel Heider added a comment - Simply add " <meta name="referrer" content="no-referrer" /> " into each page via Conflucence config -> "Custom HTML" -> "At end of the HEAD". See  https://stackoverflow.com/questions/6817595/remove-http-referer  and  https://w3c.github.io/webappsec-referrer-policy  for the background and other options besides " no-referrer ".  

              Unassigned Unassigned
              tkrischer Thais Krischer (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: