Here’s how to fix the Failed to set Referrer-Policy warning in the Chrome console from a website for example a WordPress-based one.
You might be a developer working on a website and you encounter the Google Chrome console error “Failed to set Referrer-Policy“. If that is the case we will show you how to fix it in this guide.
Just in case, the entire warning looks like this:
Failed to set referrer policy: The value ‘http://example.com/some-path/’ is not one of ‘always’, ‘default’, ‘never’, ‘no-referrer’, ‘no-referrer-when-downgrade’, ‘origin’, ‘origin-when-crossorigin’, or ‘unsafe-url’. The referrer policy has been left unchanged.
Fixing the Referrer Policy
You can manually fix the problem by changing the directive in the .htaccess file. It is highly likely your directive looks like this:
you can manually find and change as follows in .htaccess file
Header set Referrer-Policy ""
You can simply set a valid policy by changing to:
Header set Referrer-Policy "origin"
A referrer-policy modifies the algorithm used to populate the Referer header when fetching subresources, prefetching, or performing navigations. Every environment settings object has an algorithm for obtaining a referrer policy, which is used by default for all requests with that environment settings object as their request client.
From the definition above, this policy deals with what information is related to the URL the browser ships to a server to retrieve an external resource.
This policy comes with several optional values which are described here.
no-referrerwhich specifies that no referrer information is to be sent along with requests made from a particular request client to any origin. The header will be omitted entirely.
no-referrer-when-downgradedoesn’t send Referrer header to a non-priority authenticated URL (if an https URL links to an HTTP URL no header is sent)
same-originpolicy specifies that a full URL, stripped for use as a referrer, is sent as referrer information when making
same-originrequests from a particular request client. while Cross-origin requests won’t contain referrer information.
originsends the scheme, host, and port (basically, the subdomain) stripped of the full URL as a referrer, i.e. https://moz.com/example.html would simply send https://moz.com for all.
origin-when-cross-originsends the format described in origin to cross-origin, while a full stripped URL is sent to
unsafe-urlpolicy specifies that a full URL, stripped for use as a referrer, is sent along with both
cross-originrequests and same-origin requests made from a particular request client.
it’s unsafe because it will leak origins and paths from TLS-protected resources to insecure origins.
- The empty string
""corresponds to no policy, causing a fallback to a referrer policy defined elsewhere, or in the case where no such higher-level policy is available, defaulting to
There may be cases where the setting is fine but you still get the warning. It could be third-party interference such as that from an Ad-blocker.
You can find out more about using this policy as well as browser compatibility from the links below.