Zimbra Referrer-Policy best practice

The “Referer” header is an HTTP header that the web browser adds whenever a request is made. A Zimbra user who receives an email with links or images in the Zimbra web interface may unknowingly share information about the Zimbra server when clicking a link or viewing inline images.

For example, when an email is forwarded from one organization to another, the final recipient may click the link, and the Zimbra server URL is then passed to the server the link points to.

The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests. You can disable the Referer header in Zimbra as follows:

sudo su - zimbra
zmprov mcf +zimbraResponseHeader "Referrer-Policy: no-referrer"
zmcontrol restart
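
To confirm after the restart that the header is actually served, the following added example (not part of the original post) reads HTTP response headers and reports the effective Referrer-Policy, taking the last recognised value as browsers do. The function name and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Reads raw HTTP response headers on stdin and prints the effective
# Referrer-Policy. Exit status: 0 = no-referrer, 1 = another policy is in
# effect, 2 = header absent or no recognised value.
effective_referrer_policy() {
    tr -d '\r' | awk '
        BEGIN {
            s = "no-referrer no-referrer-when-downgrade same-origin origin"
            s = s " strict-origin origin-when-cross-origin"
            s = s " strict-origin-when-cross-origin unsafe-url"
            n = split(s, v, " ")
            for (i = 1; i <= n; i++) valid[v[i]] = 1
        }
        # Header names are case-insensitive and the header may repeat.
        tolower($0) ~ /^referrer-policy[ \t]*:/ {
            line = tolower($0)
            sub(/^[^:]*:/, "", line)
            m = split(line, tok, ",")
            for (i = 1; i <= m; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", tok[i])
                # The last token the browser recognises wins.
                if (tok[i] in valid) policy = tok[i]
            }
        }
        END {
            if (policy == "") { print "missing"; exit 2 }
            print policy
            exit (policy == "no-referrer" ? 0 : 1)
        }'
}

# Constructed sample response headers (not captured from a real server).
sample='HTTP/1.1 200 OK
Content-Type: text/html
Referrer-Policy: no-referrer'
printf '%s\n' "$sample" | effective_referrer_policy
```

Against a live server, pipe in the output of `curl -sI https://mail.example.com/` (placeholder hostname) instead of the sample.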


2 Responses to Zimbra Referrer-Policy best practice

  1. Ari February 23, 2023 at 7:11 AM #

    Hi Barry,

    If multi-server, where to run the command? Is it on the mailbox server?

    • Barry de Graaff February 23, 2023 at 10:59 AM #

      You can run it from any Zimbra server as zmprov will store the setting in LDAP. Then it will be applied after you restart.
