What do the REL attributes noopener and noreferrer mean?
Rel attributes noopener & noreferrer & nofollow
When you let a link open in a new tab/window, there is a target_"blank" added to the link, but since the last update of WordPress, automatically they add the rel attribute "noopener and noreferrer" to it at the same time. There is a well-known vulnerability for target=”_blank” tag. And those attributes are added to solve this problem.
Noopener determines that the external website can not load pages without the permission of the actual owner. This is a safety measure and I recommend that you always keep this in there.
Noreferrer determines whether information is transmitted to the external website about the origin of the website visit. Thus, the external website can't see that the website visit is from your website. No referrer means that no information will be leaked on following the link. It mainly specific tell the browsers not to pass any HTTP info if the person clicks the hyperlink. It's for security, and which info leaking they are talking about is a riddle to me too.
Both attributes have something to do with your own security. And it's for your own best interest to leave them as it is.
Nofollow. Don't confuse the rel=noreferrer with the rel=nofollow attribute. Nofollow takes care of the fact that your link will not be followed by the spider bots. However, I always wonder if Google honors this wish. Perhaps it's just wishful thinking.
Recent Comments
31
Re: "noreferrer" - It seems to me that the "third-party" website will not be able to determine where traffic is coming from - which reduces the competition (to Google) from being named. For instance, if your authority site is just so big, ranked high, and so amazing, that your referrals out provide a backlink boost to sites you link out to, there's more of a chance they are selling "ad" space, raising revenue, and there's more of a chance people will seek links from, say, news sites, or other major sites rather than buy ads from Google. ...I think it's Google's way of protecting itself re: ad income. ..But, I also think the "cat's outta the bag." Amazon has already begun selling ad space, Facebook, Twitter.... etc. In addition, regular little ole blogs, some of which have become quite popular and large, do provide a boost to those who obtain back-links. And, many of these sites no longer allow AdSense on their sites - which denies Google some ad income from major sites ..and major traffic. So, this likely little attempt to protect its ad income, will not last long as other search engines and sites continue to gain ground.
The problem I have is that I have numerous links out to either some of my other posts, pages, etc. and I did use the target=_blank to simply keep the reader on my site where they were and not lose their place if they wish to view whatever I'm talking about in another tab. ..This inability to "transfer or keep the info" will affect my ability to tell me which page may be feeding another particular page... So, yes, this actually poses a problem... from what I can see.
Since I'm no expert on Google, maybe this does have to do with some security issue they "sold" to WP. But, I am also quite skeptical of Google, Facebook and all the censoring that's been going on - which is why I'm not buying into this claim. I think it's self-preservation and control, nothing more.
~MMH
Perhaps you can bypass this by using a footer code?
Here you can read more about this. Tiny script opens external links in new tab: easy
Thanks, but using a script doesn't really solve the problem I'm more concerned about. Yes, this will provide the convenience I was looking for... but.. tracking the actual referrer is another issue. I purposely set up the target=_blank code to actually see what page may be feeding another. So, using this script ...doesn't really answer the Google problem... But, thank you for sending me the info on the script! ...I'll look into it!
~MMH
Loes - This is well explained and I can understand why WordPress has done this. Where do you find these settings in WordPress. I opened (edited a link) with the setting open in new tab, but I don't see them. Are they in the general settings area. As always I appreciate the information you provide. It helps make me a better Webmaster.
Hi Loes, think I've understood this! I love all the new info I collect here, but occasionally it seems like my head will explode! Please don't stop dishing it out, I keep it and refer back constantly. Huge thanks! Sue :)
"...can not load pages without the permission of the actual user" . You mean 'actual owner'?
What is the meaning of "load"? is it a copy protection? What is external website? Visitor?
Do not understand the definition of Noreferrer.
Yes, you are right, I will change user into owner
no referrer means that no information will be leaked on following the link. It mainly specific tells the browsers not to pass any HTTP info if the person clicks the hyperlink.
Which info leaking they are talking about is a riddle to me too
See more comments
Thanks for the explanation.
You´re welcome Darlene:)