Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Empty Referrer sent for requestor error



On closing all the existing browser tabs, the application does not open in a tab of the same browser session.

Error Messages

(mgmt.util.CSRFUtil) ERROR xx.x.xx.xx|xx.xx.xx.xx  - Empty Referrer sent for requestor:

Steps to Reproduce

  1. Open the Pega application in a browser.
  2. Close all the tabs on which the Pega application is running.
  3. Reopen the Pega application in the same browser session.

Root Cause

This behavior is as per Pega product design.


Here's the explanation for the reported behavior:

When the Cross-Site Request Forgery (CSRF) is enabled in Pega, the application shares a CSRF token embedded as part of the URL. When the URL is clicked, for the next request-, the previous URL is the referrer from where the request is initiated. Hence, if the Pega application is unable to find the CSRF token in the referrer header as per the functionality, the 403 error message displays.

Published August 19, 2019 - Updated December 2, 2021

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us