8

Troubleshooting

Last Update 11 giorni fa

Why am I not getting notifications on Android? How do I opt out of the weekly roundup? Why aren't my tabs showing the URL content? Widget not showing up with WordPress Plugin: enable third party cookies How to change the Referrer-Policy (CORS) setting on your website

Why aren't my tabs showing the URL content?

Tabs appear on the side of your tawk.to dashboard when you’re viewing a current or previous chat. With tabs, you can access additional information without leaving the conversation. You can also customize these tabs and add URLs from third-party websites directly into the dashboard.


If the URL you’ve added doesn’t display inside a tab, it’s usually because the website blocks embedding or has certain security restrictions. This article walks you through the most common reasons and how to fix them.

Quick checklist 

To ensure that URLs display correctly within a tab, they must meet the following criteria:

  • The URL uses HTTPS (starts with https://).

  • The web page supports being viewed in a mobile/responsive container (tabs render in the dashboard UI).

  • The page does not block embedding (no X-Frame-Options: DENY / sameorigin, and frame-ancestors CSP is not blocking). 

Step-by-step troubleshooting

  1. Verify the URL and open it directly
    Open the URL in a new browser tab to confirm it loads over HTTPS and there are no certificate errors. If the page itself fails to load, fix that first (SSL, server, DNS).


  1. Check the browser console for framing errors
    Open Developer Tools (Windows: Ctrl+Shift+I or F12; macOS: Cmd+Option+I) and view the Console and Network tabs while the tab tries to load.

    Look for messages like:
    - Refused to display 'https://example.com' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

    - Refused to frame 'https://example.com' because an ancestor violates the Content Security Policy: frame-ancestors 'none'

    These messages tell you that the site blocks embedding.

  1. If you see X-Frame-Options: sameorigin or DENY
    X-Frame-Options is a header that prevents other sites from embedding a page in an <iframe>.
    - sameorigin lets the page appear only when framed by the same domain.
    - DENY prevents framing anywhere.

    Ask the page owner or site admin to remove or change that header, or host a version of the content on a domain that can be embedded in the tawk.to dashboard.


  1. If the console shows Content-Security-Policy (CSP) frame-ancestors errors
    Modern sites use CSP frame-ancestors to control which sites may embed them. If frame-ancestors blocks the dashboard, you must update the CSP to allow tawk.to resources or your dashboard origin.

    See this article for recommended directives and examples for whitelisting tawk.to resources:
    Resolving Content Security Policy (CSP) issues blocking the widget, images, and Knowledge Base articles


  1. Check Referrer-Policy settings
    An unusual Referrer-Policy can sometimes interfere with how embedded resources detect their origin. For the widget/dashboard to behave correctly the site’s Referrer-Policy should be one of:
    - strict-origin-when-cross-origin, or
    - no-referrer-when-downgrade

    See this guide to check and change this setting:
    How to change the Referrer-Policy (CORS) setting on your website


  1. Check for mixed content and HTTPS
    If the tab tries to load any non-HTTPS resources from the embedded page, browsers can block them. Make sure every resource on the embedded page (scripts, images, styles) loads over HTTPS.


  1. After making changes: clear cache and retest
    Clear the browser cache and reload the dashboard. Also test in a second browser (Chrome, Firefox, Safari, Edge) to rule out browser-specific behavior. 

Additional information

  • If you can’t change server headers, create a small embed-friendly page on a domain you control that contains the content (or an iframe pointing to the original content where permitted), and use that URL in the tab.

  • If your site uses strict CSP, whitelist *.tawk.to and (if relevant) https://*.tawk.help in the CSP connect-src, frame-src / frame-ancestors, script-src, img-src, and style-src directives so the dashboard can load resources from tawk.to. The CSP help article includes example directives.

  • If content is sensitive, instead of changing headers, consider hosting a safe, embeddable copy of only the non-sensitive content on a private URL that allows framing.

Related guides


If you have feedback about this article, or if you need more help:

Was this article helpful?

126 out of 236 liked this article

Still need help? Message Us

Related Articles

People also read

Creating and managing tabs

People also read

Setting up tabs on your personal profile page