How to change the Referrer-Policy setting on your website
Referrer Policy is a security header designed to prevent referrer leakage when accessing multiple websites. The lack of a Referrer-Policy header may affect user privacy and put sensitive information on the site at risk.
The Referrer Policy controls the information shared through the HTTP referrer header. It tells the web browser how to handle the referrer information when a user clicks a link that leads to another page or website.
At tawk.to, the Referrer Policy affects what the widget detects as its current location. If it’s not set up properly, then it prevents the widget from reading the source path. Without the full path, the widget may not load properly on the website.
Here’s a quick overview of different Referrer-Policy HTTP headers:
| Policy | Behavior |
|---|---|
| no-referrer | No referrer information is sent. |
| no-referrer-when-downgrade | Sends the path (URL) when the protocol security level stays the same (HTTP ➞ HTTP, HTTPS ➞ HTTPS), but not to a less secure destination (HTTPS ➞ HTTP). |
| origin | Sends only the originating site (origin), without any additional path information. |
| origin-when-cross-origin | Sends a full URL when going to internal links, but sends only the origin when going to external links or another website. |
| same-origin | Sends the referrer information when going to internal links, but omits the value when going to external links. |
| strict-origin | Sends only the origin in the same protocol security level (HTTPS ➞ HTTPS and HTTP ➞ HTTP), but does not send the value to a less secure destination (HTTPS ➞ HTTP). |
| strict-origin-when-cross-origin | Sends a full URL when performing a same-origin request; sends only the origin when the protocol security level stays the same (HTTPS ➞ HTTPS); and sends no value to a less secure destination (HTTPS ➞ HTTP). |
| unsafe-url | Sends the full URL regardless of the destination. This option is not recommended. |
For more information on how each HTTP header works, check out this article from Mozilla: Referrer-Policy
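The table above can be expressed as a small function that returns the Referer value a browser would send for a given policy, source page and destination. This is an added example, not tawk.to code; the URLs are constructed sample values, and "less secure destination" is simplified to HTTPS ➞ HTTP.

```javascript
// Added example: models the policy table above. All URLs are constructed samples.
const POLICIES = [
  'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin',
  'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url',
];
const PAGE = 'https://shop.example/account/reset?token=abc123#form'; // page the visitor is on
const THIRD_PARTY = 'https://widget.example/embed.js';               // hypothetical cross-origin script host

// Returns the Referer header value as a string, or null when no Referer is sent.
function computeReferrer(policy, fromHref, toHref) {
  const from = new URL(fromHref);
  const to = new URL(toHref);
  const sameOrigin = from.origin === to.origin;
  // Simplification: a downgrade is modelled as HTTPS -> HTTP only.
  const downgrade = from.protocol === 'https:' && to.protocol === 'http:';
  // Browsers strip the fragment and any credentials before sending Referer.
  const full = from.origin + from.pathname + from.search;
  const origin = from.origin + '/';
  switch (policy.toLowerCase()) {
    case 'no-referrer': return null;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'origin': return origin;
    case 'origin-when-cross-origin': return sameOrigin ? full : origin;
    case 'same-origin': return sameOrigin ? full : null;
    case 'strict-origin': return downgrade ? null : origin;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    case 'unsafe-url': return full;
    default: throw new Error('unknown policy: ' + policy);
  }
}

// Lists the policies under which the destination receives the full path and query string.
function policiesSendingFullPath(fromHref, toHref) {
  const from = new URL(fromHref);
  const full = from.origin + from.pathname + from.search;
  return POLICIES.filter((p) => computeReferrer(p, fromHref, toHref) === full);
}

// Print what the third-party host would see under each policy.
for (const p of POLICIES) {
  console.log(p.padEnd(32), computeReferrer(p, PAGE, THIRD_PARTY));
}
```

Note that the policies that deliver the full path to a third-party host also deliver any secrets carried in the URL, such as the sample reset token here, so sensitive values are better kept out of query strings.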
Here’s how to update the Referrer policy setting:
1. Open the website.
2. Access the developer tools, depending on your operating system.
   - On Windows and Linux, press Ctrl + Shift + I or F12.
   - On Mac, press Cmd + Opt + I.
3. Click Network and search for tawk.to.
   Note: If you don't see the list of network requests, then press Ctrl + R to refresh the page.
4. Under Name, click the widget ID.
5. Under Headers, make your way to General ➞ Referrer Policy.
If the Referrer Policy does not contain either of the following values, then the widget won’t load:
To fix the issue, add the following code in the head element of your website’s HTML (between <head></head>):
Save, publish and refresh the website to confirm the changes.
Learn how to customize the Referrer Policy in WordPress here: Setting a HTTP Referrer Policy (Referrer-Policy Headers) in WordPress
You can learn about the best practices when setting up your Referrer Policy here: Referer and Referrer-Policy best practices