Unsafe Cross-Origin Links Test
About Unsafe Cross-Origin Links Test
This test will check if all links to external pages that have the target="_blank" attribute also have the rel="noopener" or rel="noreferrer" attribute.
When you link to an external site using the target="_blank" attribute, security and performance issues arise:
The other page can access your window object with the window.opener property. This may allow the other page to redirect your page to a malicious URL.
Adding rel="noopener" or rel="noreferrer" to your target="_blank" links avoids these issues.
In order to pass this test, you have to update each link identified in this report, by adding a rel="noopener" or a rel="noreferrer" attribute or both:
<a href="https://example.com" target="_blank" rel="noopener noreferrer"> Click here </a>
- rel="noopener" prevents the new page from being able to access the window.opener property and ensures it runs in a separate process.
- rel="noreferrer" has the same effect but also prevents the Referer header from being sent to the new page.