How to change the Referrer-Policy setting on your website

Referrer Policy is a security header designed to prevent referrer leakage when accessing multiple websites. The lack of a Referrer-Policy header may affect user privacy and put sensitive information on the site at risk.

The Referrer Policy controls the information shared through the HTTP referrer header. It tells the web browser how to handle the referrer information when a user clicks a link that leads to another page or website.

At tawk.to, the Referrer Policy affects what the widget detects as its current location. If it’s not set up properly, then it prevents the widget from reading the source path. Without the full path, the widget may not load properly on the website.

Here’s a quick overview of different Referrer-Policy HTTP headers:

Header type Description
No-referrer No referrer information is sent.
No-referrer-when-downgrade    Sends the path (URL) when the protocol security level stays the same (HTTP ➞ HTTP, HTTPS ➞ HTTPS), but not to a less secure destination (HTTPS ➞ HTTP).
Origin Sends only the originating site (origin), without any additional path information.
Origin-when-cross-origin   Sends a full URL when going to internal links, but sends only the origin when going to external links or another website.
Same-origin  Sends the referrer information when going to internal links, but omits the value when going to external links.
Strict-origin Sends only the origin in the same protocol security level (HTTPS ➞ HTTPS and HTTP ➞ HTTP), but does not send the value to a less secure destination (HTTPS ➞ HTTP).
Strict-origin-when-cross-origin   Sends a full URL when performing a same-origin request; sends only the origin when the protocol security level stays the same (HTTPS ➞ HTTPS); and sends no value to a less secure destination (HTTPS ➞ HTTP).
Unsafe-url   Sends the full URL regardless of the destination. This option is not recommended.

For more information on how each HTTP header works, check out this article from Mozilla: Referrer-Policy

Here’s how to update the Referrer policy setting:

Open the website.

Access the developer tools, depending on your operating system. 

On Windows and Linux, press Ctrl + Shift + I or F12.

On Mac, press Cmd + Opt + I.

Click Network and search for tawk.to.

Note: If you don't see the list of network requests, then press Ctrl + R to refresh the page.

Under Name, click the widget ID. 

Note: To find your tawk.to widget ID in your Dashboard, follow the steps in this article: Where can I find the property and widget IDs?

Under Headers, make your way to GeneralReferrer Policy

If the Referrer Policy does not contain either of the following values, then the widget won’t load:

To fix the issue, add the following code in the head element of your website’s HTML (between <head></head>):

Save, publish and refresh the website to confirm the changes. 

Learn how to customize the Refferer Policy in WordPress here: Setting a HTTP Referrer Policy (Referrer-Policy Headers) in WordPress

You can learn about the best practices when setting up your Referrer Policy here: Referer and Referrer-Policy best practices

Was this article helpful?

2 out of 3 liked this article

Still need help? Message Us