Unsafe Cross-Origin Links Test
tool in developement
About Unsafe Cross-Origin Links Test

This test will check if all links to external pages that have the target="_blank" attribute also have the rel="noopener" or rel="noreferrer" attribute.

When you link to an external site using the target="_blank" attribute, security and performance issues arise:

The external pages you link to may run on the same process as your page. If the other page is running a lot of JavaScript, your page's performance may suffer.

The other page can access your window object with the window.opener property. This may allow the other page to redirect your page to a malicious URL.

Adding rel="noopener" or rel="noreferrer" to your target="_blank" links avoids these issues.

In order to pass this test, you have to update each link identified in this report, by adding a rel="noopener" or a rel="noreferrer" attribute or both:

        <a href="https://example.com" target="_blank" rel="noopener noreferrer">
          Click here
        </a>
  • rel="noopener" prevents the new page from being able to access the window.opener property and ensures it runs in a separate process.
  • rel="noreferrer" has the same effect but also prevents the Referer header from being sent to the new page.