On occasion, BioDigital's services will be unable to verify your embedded 3D model due to missing HTTP referrer data. When this happens, this means the application hosting your model is configured in a way that is not making the webpage's document referrer available for our Human Viewer code to access.
As explained in Why do I have to register an app?, our verification services check for both a valid developer key and a valid hosting domain. In order to determine the hosting domain, these services look at the document referrer, so if this is missing, the validation step will result in an error.
Why is my document referrer unavailable?
There are three primary reasons a document referrer might be unavailable:
- You are embedding a widget into a webpage that uses insecure protocols (HTTP), as opposed to secure protocols (HTTPS). This is especially an issue for Safari browsers. The "insecure" to "secure" request interaction between a HTTP hosting site and our HTTPS widget domain could result in the HTTP referrer getting dropped.
- You are embedding a widget within a iframe that has no source.
- You are embedding a widget into a webpage that is configured in a way in which the document referrer is not available in general.
To determine whether your webpage is providing HTTP referrer data, you can conduct this simple test:
Add one of the following to your HTML code and run it:
Clicking on the above link in your webpage will take you to a website that will show your HTTP referrer. Embedding the above iframe into your webpage will show your HTTP referrer right on your page. If your referrer cannot be shown, it means other websites, such as BioDigital, cannot track your source.
For more information about the possible causes of this issue, see:
- Where did all the HTTP referrers go? - Smerity.com
- Moving a website to HTTPS / SSL - Yoast.com
- The Meta Referrer Tag: An Advancement for SEO and the Internet - Moz.com
There are four possible solutions for a missing HTTP referrer:
- Ensure you are embedding your widget within a webpage that is being served over a secure protocol (HTTPS) domain or IP address, or your machine's localhost if testing locally.
- Acceptable source URL formats include:
Note that simply opening your local webpage file in your browser will not work (e.g., file:///Users/Project/mywidgetpage.html). For tips on how to serve an HTML file over a local HTTP server, see the following articles:
- Running a simple local HTTP server - MDN Web Docs, Mozilla
- SimpleHTTPServer: a quick way to serve a directory -
- http static server one-liners - GitHubGist
- If you are using Safari, try testing your widget in another browser, such as Chrome, Firefox, or Edge.
- Ensure your widget’s parent window specifies a valid source URL (the source url domain should be registered to the relevant App in your developer account).
- Specify a meta referrer tag in the <head> section of the HTML on your webpage to prevent loss of referrer data. This solution works with most browsers to pass the referrer that you define.
- For example:
- <meta name="referrer" content="unsafe-url"> (if URL contains no sensitive information)
- <meta name="referrer" content="origin">
- For more options and sample implementation for the meta referrer tag, see:
- The Meta Referrer Tag: An Advancement for SEO and the Internet - Moz.com (skip to section "Enter the meta referrer tag")
- Referrer Policies - w3.org
- Tighter Control Over Your Referrers - Mozilla Security Blog
- For example:
If you're still having trouble after trying the above solutions or need additional help, contact us.