The referrer policy controls the information that GitHub Enterprise Server transmits in HTTP headers when someone visits a link from your GitHub Enterprise Server instance to an external site.
By default, when a user on your GitHub Enterprise Server instance visits a link to another site from a file or comment on your instance, the request includes the hostname for your instance in plain text within the
Referer header. If the link leads to an external website, the owner of the website could read the hostname for your instance in requests or log files.
You can control the information that GitHub Enterprise Server sends when a user visits a link from your instance.
You can enable the
same-origin referrer policy to instruct modern browsers to exclude the hostname for your GitHub Enterprise Server instance from requests to external websites. The setting applies to all links from the web interface on your instance. By default, GitHub Enterprise Server uses the
strict-origin-when-cross-origin referrer policies, which means your instance's hostname will appear in HTTP and HTTPS requests to external websites.
Note: Changing the referrer policy to
same-origin can affect external sites that expect a hostname in the HTTP headers for a request.
In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings.
In the enterprise account sidebar, click Settings.
Under "User Agent Referrer Policy", select Enable same origin referrer policy for all organizations.