**As** an administrator
**I want to** be able to capture external links and warn users when they leave the application
**so that** I can reduce phishing or other social engineering attacks

**Acceptance criteria**

<br>

* Allow setting this under Administration &gt; System settings using a new &quot;External links&quot; tabs

* Add a filter step to the HTML pipeline at the end, which detects all non-relative links that are not starting with the Setting.protocol and Setting.host\_name, and redirect them

* Add an internal route to catch them, warning users about the link

* showing the link

* having buttons &quot;Continue to external website&quot; and &quot;Cancel&quot; Begin of the insertion


End of the insertion Begin of the deletion


End of the deletion <br> Begin of the insertion

<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/918053/content">

<br>

End of the insertion Begin of the deletion


End of the deletion **Technical notes**

* Add a setting `capture_external_links` which is on by default


**Permissions and visibility considerations**

* _To whom is this feature visible?_

* _When is it not visible?_


**Translation considerations**

* _Key terms and phrases in the key languages_&nbsp;


**Out of scope**

* <br>


_Set the_ **To be informed/consulted teams** _field to include all teams necessary to be informed of the changes._