Security Assessment for Links with Cross-Origin Destinations

Stefan Huber · November 15, 2023

This page demonstrates the behavior of different link types when opened in a new tab.

Regular Link

This link opens in a new tab without any specific rel attribute. In old browsers, this allows the new page to access the window.opener property, potentially leading to security vulnerabilities. Affected browsers:

  • Chrome/Edge < 88
  • Firefox < 79
  • Safari < 12.1
  • Safari iOS < 12.2

Source for browser compatibility information: MDN Web Docs – The Anchor element

Link with rel="noopener"

This link uses the rel="noopener" attribute: it opens in a new tab, and the new page cannot access the window.opener property. This enhances security.

Link with rel="noreferrer"

This link uses the rel="noreferrer" attribute, which has the same effect as rel="noopener" and additionally prevents the browser from sending the HTTP Referer header to the new page. This enhances both security and privacy.
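
To audit markup for the first link type, the following added example (not part of the original page) lists cross-origin links that open in a new tab without rel="noopener" or rel="noreferrer". The function names, the sample markup and the example.* hosts are assumptions made for illustration, and the regular-expression parsing is a simplification that suits well-formed HTML only.

```javascript
// Added example: flags <a target="_blank"> links to another origin that carry
// neither rel="noopener" nor rel="noreferrer". Attribute parsing uses regular
// expressions, a simplification that suits well-formed markup only.
function parseAttributes(tagBody) {
  const attrs = {};
  const re = /([^\s=\/"'>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(tagBody)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

function findUnprotectedLinks(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  const anchorRe = /<a\s([^>]*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[1]);
    if ((attrs.target || "").toLowerCase() !== "_blank" || !attrs.href) continue;
    let dest;
    try {
      dest = new URL(attrs.href, pageUrl); // resolves relative hrefs
    } catch {
      continue; // unparsable href: nothing to navigate to
    }
    if (dest.origin === pageOrigin) continue; // same-origin destination
    // rel is a space-separated token list, compared case-insensitively
    const rel = (attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean);
    if (!rel.includes("noopener") && !rel.includes("noreferrer")) {
      findings.push(dest.href);
    }
  }
  return findings;
}

// Constructed sample markup mirroring the three link types on this page.
const SAMPLE_HTML = `
  <a href="https://other.example/a" target="_blank">Regular Link</a>
  <a href="https://other.example/b" target="_blank" rel="noopener">noopener</a>
  <a href='https://other.example/c' target=_blank rel="nofollow NoReferrer">noreferrer</a>
  <a href="/local" target="_blank">same origin</a>
  <a href="https://other.example/d">no new tab</a>
`;

console.log(findUnprotectedLinks(SAMPLE_HTML, "https://site.example/demo"));
```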