How to fix Failed to set Referrer Policy

Referrer Policy

Here’s how to fix the Failed to set Referrer Policy warning in the Chrome console from a website for exmple a WordPress based one

You might be a developer working on a website and you encounter the Google Chrome console error “Failed to set Referrer Policy“. If that is the case we will show you how to fix it in this guide.

Just in case, the entire warning looks like this:

Failed to set referrer policy: The value ‘http://example.com/some-path/’ is not one of ‘always’, ‘default’, ‘never’, ‘no-referrer’, ‘no-referrer-when-downgrade’, ‘origin’, ‘origin-when-crossorigin’, or ‘unsafe-url’. The referrer policy has been left unchanged.

Fixing the Referrer Policy

You can manually fix the problem by changing the directive in the .htaccess file. It is highly likely your directive looks like this:

you can manually find and change as following in .htaccess file

Read Also  LLVM 3.9 Release has Been Announced

Header set Referrer-Policy ""

You can simply set a valid policy by changing to:

Header set Referrer-Policy "origin"

A referrer policy modifies the algorithm used to populate the Referer header when fetching subresources, prefetching, or performing navigations. Every environment settings object has an algorithm for obtaining a referrer policy, which is used by default for all requests with that environment settings object as their request client.

From the definition above, this policy deals with what information related to the URL the browser ships to a server to retrieve an external resource.

This policy comes with several optional values which are described here.

  • no-referrer which specifies that no referrer information is to be sent along with requests made from a particular request client to any origin. The header will be omitted entirely.
  • no-referrer-when-downgrade doesn’t send Referrer header to a non-priority authenticated URL (if an https URL links to an HTTP URL no header is sent)
  • same-origin policy specifies that a full URL, stripped for use as a referrer, is sent as referrer information when making same-origin requests from a particular request client. while Cross-origin requests won’t contain referrer information.
  • origin sends the scheme, host, and port (basically, the subdomain) stripped of the full URL as a referrer, i.e. https://moz.com/example.html would simply send https://moz.com for all.
  • origin-when-cross-origin sends the format described in origin to cross-origin, while a full stripped URL is sent to same-origin requests.
  • unsafe-url policy specifies that a full URL, stripped for use as a referrer, is sent along with both cross-origin requests and same-origin requests made from a particular request client.
    it’s unsafe because it will leak origins and paths from TLS-protected resources to insecure origins.
  • The empty string "" corresponds to no policy, causing a fallback to a referrer policy defined elsewhere, or in the case where no such higher-level policy is available, defaulting to no-referrer-when-downgrade.
  • always behaves like unsafe-url.

In Conclusion

There may be cases where the setting is fine but you still get the warning. It could be third-party interference such as that from an Ad-blocker.

Read Also  How to Post Web Forms to an iFrame on Another Page

You can find out more about using this policy as well as browser compatibility from the links below.