Low impact | Security

Missing rel='noopener'

External target='_blank' links without rel='noopener' create a security and performance issue.

What it means

<a target='_blank'> links without rel='noopener' (or rel='noreferrer') let the opened page access window.opener, a known phishing vector.

Why it matters

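Without noopener, the new tab can run navigation attacks against the original tab: it can use window.opener to send the original tab to a different URL. Also, without it browsers run both pages on the same thread, so slow script on the opened page can hold up the original page.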

How to fix it

  1. Add rel='noopener noreferrer' to every <a target='_blank'>.
  2. Use a global lint rule (ESLint react/jsx-no-target-blank) to enforce this across the codebase.

Example

Before
<a href="https://other.com" target="_blank">Link</a>
After
<a href="https://other.com" target="_blank" rel="noopener noreferrer">Link</a>
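
A check for this issue over static HTML, as an added example that is not part of the original page or of any tool it mentions. The function names, the sample markup and the https://example.com site origin are constructed for illustration; it reports external target='_blank' links whose rel contains neither noopener nor noreferrer.

```javascript
// Added example. Names and sample data are constructed for illustration.
// Parse one start tag's attribute text into a lower-cased name -> value Map.
function parseAttrs(text) {
  const attrs = new Map();
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>]+)))?/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    const name = m[1].toLowerCase();
    // HTML keeps the first occurrence of a duplicated attribute.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// Return external <a target="_blank"> links whose rel has neither
// "noopener" nor "noreferrer". siteOrigin resolves relative hrefs.
function findUnsafeBlankLinks(html, siteOrigin) {
  const findings = [];
  const site = new URL(siteOrigin).origin;
  // Quoted attribute values may contain ">", so skip over them whole.
  const anchorRe = /<a\s((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    // The _blank keyword and rel tokens are ASCII case-insensitive.
    if ((attrs.get("target") || "").toLowerCase() !== "_blank") continue;
    let url;
    try { url = new URL(attrs.get("href") || "", site); } catch { continue; }
    if (!/^https?:$/.test(url.protocol) || url.origin === site) continue;
    const rel = (attrs.get("rel") || "").toLowerCase().split(/\s+/);
    if (!rel.includes("noopener") && !rel.includes("noreferrer")) {
      findings.push({ href: url.href, rel: attrs.get("rel") ?? null });
    }
  }
  return findings;
}

// Constructed sample markup: only the first and third links are reported.
const SAMPLE_HTML = `
<a href="https://other.com" target="_blank">Link</a>
<a href="https://other.com/a" target="_blank" rel="noopener noreferrer">Link</a>
<a href='https://other.com/b' target=_BLANK rel="nofollow">Link</a>
<a href="https://other.com/c" target="_blank" rel="NoReferrer">Link</a>
<a href="/pricing" target="_blank">Internal</a>
<a href="https://other.com/d">Same tab</a>
`;

console.log(findUnsafeBlankLinks(SAMPLE_HTML, "https://example.com"));
```

This is a regex scan of markup as served, so links that scripts add at runtime are outside its view.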

Frequently asked questions

Is rel='noreferrer' enough?

Yes, noreferrer implies noopener. But specifying both is safest across older browsers.