Fix Guide

How to Fix a Missing Referrer-Policy Header

The response does not define how much referrer information browsers may send to other sites.

Safe public URL scan. Results include technology evidence, SEO checks, security headers, accessibility basics, and a developer fix list.

Recommended fix

Add a Referrer-Policy header that limits cross-origin leakage while preserving useful analytics.

This guide is designed to pair with a scanner report. Run a URL scan first, then follow the implementation steps.

Developer task

Set Referrer-Policy: strict-origin-when-cross-origin at the CDN or server layer.

Implementation steps

How to apply this fix

  1. Choose a policy that balances privacy and analytics, such as strict-origin-when-cross-origin.
  2. Set the Referrer-Policy response header at the CDN, Nginx, Apache, or app layer.
  3. Confirm analytics and referral attribution still work as expected.
  4. Re-scan to verify the Referrer-Policy header is present.
Verify

Re-run the URL scan after deploying the change to confirm the issue clears and the Themerella Score updates.

Related guides

Continue the same website quality workflow.