To keep you and your customers money safe and secure, we undertake a number of security checks before we begin the process of taking a payment. One of these checks is based on the "Referer" header that is sent to us when you redirect a customer from your site, to our payment page. If this "Referer" header contains a value we weren't expecting, we won't proceed with the payment. There are typically two issues that might cause this error:
- The Website URL is not set correctly in the Super Merchant Portal - you should have set this URL when integrating with Super, and it needs to match the URL that we receive in the "Referer" header. This will usually be the URL of your checkout page (e.g. "https://checkout.your-site.com"). It needs to include any subdomains that are present on the checkout page (e.g. "https://checkout.your-site.com" vs "https://your-site.com"); doesn't matter if it includes "www".
- Your website has a strict "Referer-Policy" set. The "Referer-Policy" of your site determines whether or not it will send information to us in the "Referer" header. This policy can be set to a few different values, however, the default for most website is "strict-origin-when-cross-origin" which allows us to receive information in the "Referer" header. Some websites choose a more strict value for this policy, such as "same-origin" which prevents us from receiving the "Referer" information. Changing this policy to a less strict option, such as "strict-origin-when-cross-origin" will fix this issue.
Unfortunately, it isn't possible to give guidance on exactly how to change the policy, as the process will be different depending on how your website has been built. However, many popular e-commerce platforms will have a guide available on how to achieve this. Please see this article for more information on "Referrer-Policy".
If you've attempted the above, but are still receiving the error and unable to take payments, please reach out to our Customer Service team.