How to hide HTTP referrers from issues to external websites

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Most web servers maintain logs of all traffic, and record the HTTP referrer sent by the web browser for each request. This raises a number of privacy concerns, and as a result, a number of systems have been developed to prevent web servers sending the real referring URL. These systems work either by blanking the referrer field or by replacing it with inaccurate data. This system is often called Referrer Hiding.

JIRA users may want to to disable the HTTP referrer for links to external websites that are included in the description of issues created in their JIRA application.

Solution

Please note that all the workaround stated in this page are beyond Atlassian Support Offerings.

This can be accomplished by adding the content="same-origin" attribute to the Announcement Banner:

  1. Choose

    (Auto-migrated image: description temporarily unavailable)

    >System.

  2. Select User Interface > Announcement banner in the System panel below.

  3. Enter the following text in the Announcement field and at end of the HEAD element:

    1 <meta name="referrer" content="same-origin">

  4. Click the Set Banner button.

Alternate Solution

There have been reports that the above solution may not suppress the referrer in all cases. Should it prove insufficient in your own testing, here's a Javascript alternative to hide the links:

Improper addition of Javascript to the Announcement banner may prevent Jira's UI from loading properly. If you encounter this situation, follow the steps from Remove the Jira server announcement banner through the database to manually remove the announcement banner to restore functionality.

  1. Choose

    (Auto-migrated image: description temporarily unavailable)

    >System.

  2. Select User Interface > Announcement banner in the System panel below.

  3. Enter the following text in the Announcement field (substitute your Jira base URL):

    1 2 3 4 5 <script type = "text/javascript"> document.addEventListener('DOMContentLoaded', event => { document.querySelectorAll('a[href^="http"]:not([href*="JIRA_BASE_URL"])').forEach(anchor => anchor.setAttribute('rel','noreferrer')); }); </script>

Updated on April 2, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community