1 min read
A small web development thing I’d missed until yesterday:
When you want a link to open a page in a new tab, you’ve long been able to add the attribute target="_blank"
to the tag. The problem was, that actually gave the opened pages rights to their referrer: it opened a security hole that could potentially have leaked user information or opened the door to phishing.
In response to that, the received wisdom was to also add rel="noopener"
to the tag — or, more commonly, rel="noopener noreferrer"
, which strips referrer information from analytics. (Please don’t do this second part. For all kinds of reasons, it’s useful for a publisher to see who’s sending them traffic.) I’ve been adding noopener
for years.
It turns out that browsers have been automatically setting this for links where target="_blank"
since 2021: for three full years (and, actually, longer for Safari and Firefox). So there’s no need to add it anymore. There’s no harm in setting it, but there’s also no need.
· Asides · Share this post
I’m writing about the intersection of the internet, media, and society. Sign up to my newsletter to receive every post and a weekly digest of the most important stories from around the web.