Links to cross-origin destinations are unsafe
Description
Determines whether the HTML elements a, area, and form that navigate to an external resource define the attribute rel="noopener".
Purpose
The noopener keyword for the rel attribute of the a, area, and form HTML elements instructs the browser to navigate to the target resource without granting the new browsing context access to the document that opened it. It does this by not setting the window.opener property on the opened window (it returns null).
How to fix it
For the HTML elements a, area, and form, when they navigate to an external resource, add the attribute rel="noopener". You may extend it to rel="nofollow noopener noreferrer", which provides an additional layer of security and SEO control by:
- Preventing the new page from accessing the original page (noopener).
- Instructing search engines not to follow the link (nofollow). This is ideal when you want to link to a page without implicitly endorsing it or transferring any SEO ranking benefits (link juice) to that page. Essentially, it tells search engines: "This link is for informational purposes only; don't consider it a vote of confidence."
- Preventing the browser from sending the Referer header (noreferrer).
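The check described above can be sketched as follows. This is an added example, not SiteLint's own code: the names findMissingNoopener, stub, SAMPLE_PAGE and SAMPLE_ELEMENTS and all sample URLs are constructed for illustration. Accepting noreferrer in place of noopener is a choice of this example, based on the HTML standard defining noreferrer as implying noopener.

```javascript
// Added example: flags a, area and form elements whose destination is
// cross-origin and whose rel attribute lacks noopener.
const DEST_ATTR = { a: 'href', area: 'href', form: 'action' };

// rel is a space-separated, case-insensitive token list.
function relTokens(el) {
  return (el.getAttribute('rel') || '').toLowerCase().split(/\s+/).filter(Boolean);
}

function findMissingNoopener(elements, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const el of elements) {
    const tag = el.tagName.toLowerCase();
    const raw = DEST_ATTR[tag] ? el.getAttribute(DEST_ATTR[tag]) : null;
    if (!raw) continue; // not a navigating element, or no destination set
    let dest;
    try {
      dest = new URL(raw, pageUrl); // resolves relative and //host URLs
    } catch (e) {
      continue; // unparsable destination
    }
    if (!/^https?:$/.test(dest.protocol)) continue; // skip mailto:, tel:, ...
    if (dest.origin === pageOrigin) continue; // same-origin link
    const tokens = relTokens(el);
    // Assumption of this example: noreferrer is accepted as well, because
    // the HTML standard defines it as implying noopener.
    if (tokens.includes('noopener') || tokens.includes('noreferrer')) continue;
    findings.push({ tag, destination: dest.href, rel: tokens.join(' ') });
  }
  return findings;
}

// Constructed sample elements (stand-ins for DOM nodes).
function stub(tagName, attrs) {
  return { tagName, getAttribute: (n) => (n in attrs ? attrs[n] : null) };
}
const SAMPLE_PAGE = 'https://shop.example/cart';
const SAMPLE_ELEMENTS = [
  stub('A', { href: 'https://partner.example/offer' }),
  stub('A', { href: '/checkout' }),
  stub('A', { href: 'https://partner.example/', rel: 'NoFollow NoOpener' }),
  stub('AREA', { href: '//cdn.example/map', rel: 'nofollow' }),
  stub('FORM', { action: 'https://pay.example/submit' }),
  stub('A', { href: 'mailto:help@shop.example' }),
  stub('A', { href: 'https://news.example/', rel: 'noreferrer' }),
];
console.log(findMissingNoopener(SAMPLE_ELEMENTS, SAMPLE_PAGE));
```

In a browser, pass document.querySelectorAll('a, area, form') and location.href instead of the constructed stubs.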
Rule
- Audit: Security.
- Standard: SiteLint.
- Level: Best Practices.
- Success Criteria: Not applicable.
- ID: missing-rel-noopener