Home

relnoopener

Relnoopener refers to the rel="noopener" attribute value used on links that are opened in a new browsing context with target="_blank". It is a web security feature designed to prevent the opened page from gaining access to the window object of the page that opened it.

Without noopener, the new page can access window.opener and potentially manipulate the original page, a class

In practice, developers typically apply rel="noopener" to external links that open in a new tab or window.

Compatibility and usage: relnoopener is supported by all major modern browsers (Chrome, Firefox, Edge, Safari). It

of
attack
commonly
called
tabnabbing
or
phishing.
By
setting
noopener,
the
browser
ensures
that
the
opened
page's
window.opener
is
null,
preventing
scripts
on
the
new
page
from
controlling
or
redirecting
the
originating
page.
For
broader
privacy
or
compatibility,
rel="noreferrer"
can
be
used
to
also
suppress
the
Referer
header
sent
to
the
destination.
The
common
pattern
rel="noopener
noreferrer"
covers
both
protections,
and
many
developers
use
it
as
a
default
for
external
links.
Some
browsers
treat
"noreferrer"
as
implying
"noopener,"
but
behavior
can
vary
across
environments,
so
explicit
usage
of
"noopener"
is
generally
recommended.
is
considered
a
best
practice
when
using
target="_blank"
to
reduce
the
risk
of
tabnabbing
and
other
opener-based
attacks.
While
it
does
not
replace
other
security
measures,
it
provides
a
simple,
effective
defense
for
external
links
opened
in
new
contexts.