rel=”noopener noreferrer”: Beginner’s Guide & Use Cases
In modern HTML development, you’ll often encounter the attribute rel="noopener noreferrer" in external links. It may seem confusing at first, but this simple snippet plays an important role in web security and privacy. Whether you’re managing your own site or using a CMS like WordPress, understanding how and when to use rel="noopener noreferrer" is essential.
This tutorial explains what the attribute means, how it works, when to use it, and whether it affects SEO. Beginners will find this guide useful to write safer HTML and make informed decisions about external links.
Table of Contents
- What is
rel="noopener noreferrer"? - Why You Should Use
rel="noopener noreferrer" - How to Use
rel="noopener noreferrer"Correctly - HTML Examples with
noopener noreferrer - Does
rel="noopener noreferrer"Affect SEO? - WordPress and
rel="noopener noreferrer" - Common Misconceptions
- When Not to Use
noreferrer - Developer Tips for Link Security
- Advanced FAQs
What Does rel="noopener noreferrer" Mean?
The rel attribute in HTML defines the relationship between the current document and the linked one. When using rel="noopener noreferrer", you’re combining two specific values noopener and noreferrer to improve link behavior. These attributes are most often used with target="_blank", which opens links in a new tab.
Each part serves a distinct purpose. noopener prevents the new tab from accessing your original page’s window object, and noreferrer ensures that the destination page won’t receive information about your page’s URL. Combined, they enhance both privacy and security.
Key points:
rel="noopener"protects against tabnabbing by disabling access towindow.opener.rel="noreferrer"hides the referrer information from the destination site.- Best used together with
target="_blank"in external links.
Why Use rel="noopener noreferrer"?
Security is the main reason people add rel="noopener noreferrer" to links. Without noopener, external pages opened in a new tab can potentially manipulate your original page via JavaScript. This is known as a tabnabbing attack, which could redirect users to phishing pages. Adding noopener prevents this.
The noreferrer attribute adds a layer of privacy by not sending the referring page’s URL to the destination. While this can sometimes interfere with affiliate tracking, it’s useful in cases where user privacy is a priority.
Why it matters:
- Prevents malicious sites from accessing and modifying your page.
- Helps avoid phishing and tabnabbing attacks.
- Stops passing referral data, which can be useful for privacy-conscious websites.
When Should You Use rel="noopener noreferrer"?
You don’t need to use rel="noopener noreferrer" on every link, but it is strongly recommended when using target="_blank". Opening links in new tabs introduces potential vulnerabilities if left unprotected. These attributes are especially important when linking to third-party content or untrusted sources.
For WordPress users, these values are often added automatically for security reasons. However, knowing when and why to use them helps you maintain control over your site’s behavior.
Use it when:
- Linking to external websites using
target="_blank". - Adding affiliate or monetized outbound links.
- Publishing guest posts or linking to unverified sources.
- You want to protect users and keep their session secure.
How to Add rel="noopener noreferrer" in HTML
Adding the attribute is simple. In HTML, you add it directly to the anchor tag that includes target="_blank". If you’re using a CMS like WordPress, most modern editors will include it for you automatically. Still, it helps to know how to add or modify it manually when needed.
If you’re editing raw HTML or working with custom templates, here’s what the correct implementation looks like.
Examples and tools:
- Basic syntax:
<a href="https://example.com" target="_blank" rel="noopener noreferrer">Visit Example</a> - In WordPress block editor, it’s automatically applied.
- In Classic Editor, add it manually under the “Text” tab.
- Some plugins allow you to customize rel attributes easily.
Right-click a link → Inspect Element → Confirm rel=”noopener noreferrer” is present. Check that the browser console doesn’t throw any security-related warnings.
Does rel="noopener noreferrer" Affect SEO?
One common misconception is that rel="noopener noreferrer" might harm SEO. In reality, these values do not impact rankings. Google has publicly stated that using noopener or noreferrer does not affect how your content is indexed or ranked in search results. The only time SEO is impacted is when nofollow is used, which stops passing link equity.
That said, noreferrer does hide referrer data, which could affect analytics or affiliate systems. Be cautious with it if tracking is a core part of your strategy.
What to remember:
- Google does not penalize links using
noopener noreferrer. noreferrerdisables referrer data, which may affect affiliate tracking.nofollowis the attribute that influences SEO, notnoopenerornoreferrer.
How WordPress Handles rel="noopener noreferrer"
Starting with WordPress version 4.7.4, all external links with target="_blank" automatically get rel="noopener noreferrer" added for security. This change protects users from tabnabbing without requiring manual input. While this is a good feature, some users might be surprised to see these attributes in their HTML editor or page source.
There are cases where you may want to remove or modify these attributes, such as preserving referrer data for analytics or affiliate programs. Plugins can help manage this behavior.
Important notes:
- WordPress automatically adds
rel="noopener noreferrer"fortarget="_blank"links. - Some plugins allow removal or customization:
- WP External Links
- Remove noreferrer
- Generally, it’s recommended to keep these attributes enabled for safety.
Common Mistakes and Best Practices
Many developers confuse noreferrer, nofollow, and noopener. While they all live within the rel attribute, they serve different purposes. Misusing them could lead to loss of traffic insights or create potential security risks. Always review your links, especially those that open in new tabs and apply best practices consistently.
Avoid overusing noreferrer where referrer data is important and don’t forget to use noopener when using target="_blank" to avoid security gaps.
Best practices:
- Always use
noopenerwithtarget="_blank". - Use
noreferrerwhen you want to hide referral info. - Combine with
nofollowwhen linking to untrusted sources. - Don’t use
noreferrerif you rely on referrer analytics. - Don’t confuse
noreferrerwithnofollow.
Do You Really Need rel="noopener noreferrer"?
Yes, for most external links that open in a new tab, using rel="noopener noreferrer" is a best practice. It helps maintain site security, user trust, and even keeps your content compliant with what modern browsers expect. While noreferrer should be used thoughtfully, noopener is almost always a must when using target="_blank".
Use this attribute as a small but powerful way to make your site safer and more professional.
When to use it:
- External links with
target="_blank" - Affiliate or outbound links
- Third-party or untrusted content
- Internal links that open in the same tab
- When referral data is essential and
noreferrerblocks it
Frequently Asked Questions
1. Can I use rel="noopener noreferrer" on internal links?
While technically allowed, it’s unnecessary. These attributes are primarily designed for external links with target="_blank". Using them on internal links doesn’t provide any added security and may negatively affect internal analytics if noreferrer is used.
2. What happens if I only use noopener without noreferrer?
If you only use noopener, the new tab won’t have access to the original tab’s window.opener, which prevents tabnabbing. However, the referrer data (your page URL) will still be passed to the target site. This is often preferred when you want security but still want referral tracking to function.
3. Is there a performance impact when using rel="noopener noreferrer"?
No, using rel="noopener noreferrer" has no measurable impact on website performance or page load times. It’s a metadata attribute, processed instantly by the browser.
4. Can I dynamically add rel="noopener noreferrer" with JavaScript?
Yes, developers can use JavaScript to dynamically assign these attributes to anchor tags, especially when rendering links via APIs or SPAs. Example:
document.querySelectorAll('a[target="_blank"]').forEach(link => {
link.setAttribute('rel', 'noopener noreferrer');
});
5. Does rel="noopener noreferrer" work in all browsers?
Yes, modern browsers like Chrome, Firefox, Safari, and Edge fully support noopener and noreferrer. Older versions of Internet Explorer (pre-11) may not fully support noopener, so fallback logic may be necessary if supporting legacy browsers.
Build a Stunning Website in Minutes with TemplateToaster Website Builder
Create Your Own Website Now
Hi Param,
I am facing this issue on my WordPress blog for last some days. It automatically adds rel=”noreferrer noopener” attribute to all links. I added nofollow in the beginning, so it will finally become rel=”nofollow noreferrer noopener”. But Yoast says it is a dofollow link. Why so ? I hope the new change won’t affect our SEO, as you said in the post. But I am confused about Yoast notification.
Interesting explanation about the difference in nofollow and noopener , noreferrer. Any thoughts if this will affect affiliate links tracking?
what about affiliate sales if someone clicks a no refer link,
can my vendor record a transaction?
As it appears, however, it only affects new links, which are entered directly via the editor. Existing links are probably not affected. So wait and see what WordPress does.
Noopener tags are used to improve the performance browser:
https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/
My question is that whether re=noopener pass link juice to external links or not ? Plz anyone brief and explain this to me
Yes, noreferrer tag won’t hurt link juice.
There is WordPress plugin which will help you remove these from your pages and posts. https://wordpress.org/plugins/udinra-noopener-noreferrer-remove/
So, do we add in nofollow with the noopener noreferrer to get affiliate links to be nofollow?
We use the rel noopener on my Website and i can say, that the SEO is not affected
Is there any effect of “noopner” with href tag? I published some article on ezine about flowers and gift, no I got some of these flowers related article on other website with same links of my website. Is it beneficial for my website or not?
is a noopner link , a dofollow link?!!
hmmmm… I think i can relax a bit now, but still i need SEO expert to Audit my site pls. any one? I have been battling series of drop and traffic has gone worst.. Pls help
I think the solution to this would be just to use the noopener tag and let go of the noreferrer tag. the reasoning is quite simple: You eliminate the vulnerability and still have the referrer in your Agents http information. What do you think?
Same problem here -_-
Thanks for sharing 😉 i am still in doubt…i hope rel=noreferrer noopener tag won’t hurt link juice..
hard to get Backlink :((
it is all fantastic….but wich is the syntax??!?!?!?
1. <.... rel="nofollow" rel="noopener"....>
or
2. <.... rel="nofollow noopener"....>
Is possible have two attrib. rel= in the same element?
people use this at time of back linking or guest post linking so can we keep it or need tell them remove form guest post because we need benefit form blog post
Hello
Noopener, in my opinion, helps improve the browser and search engine, but it’s a good technique
Thanks for giving me such valuable information..i will used on my website.
I need to check this out. Thanks!
Why not just keep the noopener and noreferrer attributes and add also the nofollow attribute? Is there any reason you cannot use all three?
What is the difference between noopener and noreferrer?
hello, thank you a ton for this piece.
Can you please show us a way to stop the link rel”noreferrer” from being applied to a WordPress site using the Gutenberg editor.
I have toiled the web without finding a solution. Worst-case-scenario, when you remove the tag from WordPress, it will still attach it back on the live web page.
Please don’t disregard. I really need a fix for this.
Would you mind adding an option in this post that provides solution? Thank you so much in advance
I’ve seen this attribute show up in my WordPress editor but never knew what it actually did. Thanks for breaking it down in simple terms, very helpful for non-coders like me.