Console error (screenshot below): Access to fetch at 'https:/va.tawk.to/log-performance/v3' from origin '<my-domain>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. POST https:/va.tawk.to/log-performance/v3 net::ERR_FAILED
Environment: Static site on Cloudflare. Widget loaded via the standard embed.tawk.to script (no crossorigin attribute). The widget initializes fine (Tawk_API present, bubble + chat work).
Already verified:
My domain is already added/whitelisted in the Tawk dashboard (Property Settings → domains), yet the error still occurs.
Referrer-Policy: strict-origin-when-cross-origin is set.
CSP whitelists all Tawk domains from help.tawk.to (*.tawk.to, wss:/*.tawk.to, cdn.jsdelivr.net, tawk.link, s3.amazonaws.com, fonts.googleapis.com, fonts.gstatic.com). va.tawk.to is allowed via *.tawk.to, so it is NOT blocked by my CSP.
The va.tawk.to/log-performance/v3 response itself returns no Access-Control-Allow-Origin header on the preflight (server-side on Tawk’s end).
Questions:
Is this a known issue with the log-performance telemetry endpoint not returning CORS headers?
Since my domain is already whitelisted, is this a server-side fix needed on your end?
Is it safe to ignore (does it affect any chat functionality)?
Happy to share my Property/Widget ID privately. Thanks!
Could you please share your website URL so our team can take a closer look and investigate the issue? If you prefer not to post it publicly, feel free to send it to us via direct message instead.
We appreciate your cooperation and look forward to assisting you further.
@Ralph We are experiencing the same error on our website. I don’t like to ignore errors (even safely and frankly I don’t understand this:
Can you please elaborate why you put a reference to va.tawk.to/log-performance/v3 into your script code and then intentionally block it in WAF? Would it not make more sense to remove the reference from your script code instead?
I’ve currently implemented a workaround that only loads Tawk.to after user interaction. Because of that, PageSpeed Insights still shows a score of 100. However, when auditing in a real Chrome session as a visitor, the Best Practices score drops from 100 to 96.
doanhnghiep360[dot]com
I will forward this information to our team for further investigation. We will review the issue and get back to you as soon as we have any updates or additional information to share.