Fix Guide

How to Fix a Missing Referrer-Policy Header

The response does not define how much referrer information browsers may send to other sites.

Paste a full URL or enter a domain such as example.com. Results include technology evidence, quality checks, and a developer fix list.

Recommended fix

Add a Referrer-Policy header that limits cross-origin leakage while preserving useful analytics.

This guide is designed to pair with a scanner report. Run a URL scan first, then follow the implementation steps.

Developer task

Set Referrer-Policy: strict-origin-when-cross-origin at the CDN or server layer.

Implementation steps

How to apply this fix

  1. Choose a policy that balances privacy and analytics, such as strict-origin-when-cross-origin.
  2. Set the Referrer-Policy response header at the CDN, Nginx, Apache, or app layer.
  3. Confirm analytics and referral attribution still work as expected.
  4. Re-scan to verify the Referrer-Policy header is present.
Verify

Re-run the URL scan after deploying the change to confirm the issue clears and the Themerella Score updates.

Related guides

Continue the same website quality workflow.