Why can't the traffic source be determined?

More and more sites are switching to the secure https protocol and this has become an inconvenient fact for many website owners whose sites are still running on http. Specifically, sites who have not yet switched to https are seeing higher percents of direct visits.

From the technical p.o.v., “direct visits” are those where the user's browser doesn't send the Referer technical field. Usually this field contains the URL of the previous page that the user visited before landing at your site. If this field is absent, it means that there was no previous page because, for example, the visitor entered your page address manually into the search bar.

But the case is not always so simple. The W3 °C (World Wide Web Consortium), which develops internet standards, published a document on Referrer Policy that gives recommendations on when to send the Referer field depending on what types of sites the visitor clicks between. Though this document has not been definitively approved, the majority of up-to-date browsers already support the recommendations contained in it.

This document makes the following prescriptions: that the referrer is sent when a visitor goes from http to any site type and when they click-through from https to https, and only not sent when they click-through from https to http. These recommendations are completely logical: if you leave the safe haven of an https site, the browser will not send the address of the last page you visited over open (unencrypted) channels.

In practice, this is what it means for website owners: if your site is still running on http, you won't see a traffic source if that source uses https.

The best solution in this situation is to switch your site over to the secure protocol. Now you can get a free encryption certificate thanks to Let's Encrypt, a non-profit certification center that supports many of the main players in the online industry.

And if you're on the other side of the problem (i.e. you're the owner of a secure internet-resource but want the Referer field to be sent when visitors go to other sites from yours even if those sites are not protected), then there is also a solution for you. You can mark up the pages of your site that lead to non-secure resources using a special meta referrer. You can read more about these various methods in the Referrer Policy document under the Referrer Policy Delivery section. According to the “Can I use” project's data, this type of link markup is already supported by over half of browsers in use.