21

I'm getting the following error in my Chrome console for a WordPress site I'm working on.

Failed to set referrer policy: The value 'http://example.com/comic/' is not one of 'always', 'default', 'never', 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-crossorigin', or 'unsafe-url'. The referrer policy has been left unchanged.

It's referring to this line in the <head> of the HTML document...

<meta name="Referrer" content="http://example.com/comic/" />

I'm viewing the page over http, not https.

What is causing this issue and how can I fix it?

sideshowbarker
Holly

6 Answers

30

Go into your .htaccess file and change the following:

Header set Referrer-Policy ""

to

Header set Referrer-Policy "origin"

That should fix the issue.

The reason is more than likely that you don’t have the correct permissions on your .htaccess file to allow w3tc to make the changes it needs to.

Deepesh Thapa
10

Here's the definition taken from the specs:

A referrer policy modifies the algorithm used to populate the Referer header when fetching subresources, prefetching, or performing navigations. Every environment settings object has an algorithm for obtaining a referrer policy, which is used by default for all requests with that environment settings object as their request client.

Therefore Referral policy deals with what information (related to the url) the browser ships to a server to retrieve an external resource.

The options for the content attribute listed in the specs are:

  • no-referrer which specifies that no referrer information is to be sent along with requests made from a particular request client to any origin. The header will be omitted entirely.

  • no-referrer-when-downgrade doesn't send the Referrer header to a non priori authenticated URL (if an https URL links to an http URL, no header is sent).

  • same-origin policy specifies that a full URL, stripped for use as a referrer, is sent as referrer information when making same-origin requests from a particular request client, while cross-origin requests won't contain referrer information.

  • origin sends the scheme, host, and port (basically, the subdomain) stripped of the full URL as a referrer, i.e. https://moz.com/example.html would simply send https://moz.com for all.

  • origin-when-cross-origin sends the format described in origin to cross-origin, while a full stripped URL is sent to same origin requests.

  • unsafe-url policy specifies that a full URL, stripped for use as a referrer, is sent along with both cross-origin requests and same-origin requests made from a particular request client.
    It's unsafe because it will leak origins and paths from TLS-protected resources to insecure origins.

  • The empty string "" corresponds to no referrer policy, causing a fallback to a referrer policy defined elsewhere, or in the case where no such higher-level policy is available, defaulting to no-referrer-when-downgrade.

  • always behaves like unsafe-url.

maioman
  • Note there is basic browser support for some of these values, particularly same-origin, strict-origin and strict-origin-when-cross-origin when included in a http header - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#Browser_compatibility – HBCondo Jun 22 '17 at 04:32
  • 2
    Just in case you are here but your `referrer policy` looks fine and your URL contains `google-ad-words` or something social, then an ad-blocker might be the culprit. Try disabling it. – Sar009 Feb 16 '18 at 07:50
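
As an added illustration of the policy values listed in the answer above (not part of any post on this page, and not browser code): the sketch below parses a policy value, falls back to the previous policy when the value is not a valid token (as the console message in the question reports), and computes the Referer a request would carry. It also covers strict-origin and strict-origin-when-cross-origin, which the comment above mentions; the function names and sample URLs are assumptions made for the example.

```javascript
// Added example; models the policies described above, not browser source code.
const POLICIES = new Set([
  "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
  "strict-origin", "origin-when-cross-origin",
  "strict-origin-when-cross-origin", "unsafe-url",
]);
// Legacy <meta name="referrer"> keywords from the console message.
// "default" is modelled as the fallback this page names (assumption).
const LEGACY = new Map([
  ["never", "no-referrer"], ["default", "no-referrer-when-downgrade"],
  ["always", "unsafe-url"], ["origin-when-crossorigin", "origin-when-cross-origin"],
]);

// Returns the normalized policy token, or null if the value is not a policy
// (the empty string and a URL such as the question's meta content are not).
function parsePolicy(value) {
  const token = String(value).trim().toLowerCase();
  if (POLICIES.has(token)) return token;
  return LEGACY.get(token) ?? null;
}

// Returns the Referer value sent from fromUrl to toUrl, or null if omitted.
// An unparseable policy leaves the previous policy (fallback) in force.
function refererFor(policyValue, fromUrl, toUrl, fallback = "no-referrer-when-downgrade") {
  const policy = parsePolicy(policyValue) ?? fallback;
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // "Stripped for use as a referrer": drop credentials and fragment.
  from.username = from.password = from.hash = "";
  const full = from.href;
  const originOnly = from.origin + "/"; // scheme, host and port only
  const sameOrigin = from.origin === to.origin;
  // Simplification: "downgrade" here means https to non-https.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "same-origin": return sameOrigin ? full : null;
    case "origin": return originOnly;
    case "strict-origin": return downgrade ? null : originOnly;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : downgrade ? null : originOnly;
    default: return full; // unsafe-url
  }
}
```

Passing the question's meta content ('http://example.com/comic/') or the empty string from the .htaccess snippets as the policy shows why the page keeps behaving as if no policy had been set.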
10

You can manually find and change the following in the .htaccess file:

<IfModule mod_headers.c>
    Header set Referrer-Policy ""
</IfModule>

to

<IfModule mod_headers.c>
    Header set Referrer-Policy "origin"
</IfModule>
DeepSpace101
Khosravi.em
10

Chrome Inspection Console showed me the same error for my WordPress sites which have W3 Total Cache installed. "Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin'"

and I tried to update the .htaccess file as indicated in the above answer. This fixed the Chrome Inspection Console error but it returned a few moments later.

Checking the Dashboard of W3 Total Cache Performance ->Browser Cache-> Referrer Policy-> Directive, this entry was showing blank.

Selecting 'origin' from the dropdown resulted in .htaccess being updated with the same value 'origin'.

Nexus7_2012
1

"Referer" as a header is spelled without the double R. Maybe with the double R, it's matching against a different header than the one you mean.

Pr0methean
0

In my case, www. was missing in the API URL, while www. was present on the form page. Just ensure your API URL has www. if your page has it too.

Overcomer