SEO glossary: rel="noopener noreferrer"

 

rel attribute Noopener: Close security gap in JavaScript

The rel attribute Noopener is used to close a security gap in JavaScript. To understand how this works, we will first explain how to call up a page via a link:

 

• Users visit website A and read a text on one of the subpages. They find a link in the text to further content on another website B and click on it.
• The operator of website A wants to offer users added value by linking to the content of website B and therefore sets the link, but he does not want to lose his users. He therefore uses the following command when linking: target="_blank".
• This command informs the browser that it should open the link to the linked website B in a new browser tab. The advantage for the operator of website A here is that his page remains open in the previous tab and users are more likely to return to his website.
• However, a security gap opens up when the second tab is opened. The browsers work with the following JavaScript property or the following command: [window.opener]. Unfortunately, this JavaScript property is a gateway for hackers.
• The hackers could use the simple command [window.open.location] and a false URL to redirect users to the wrong websites. The hackers could also gain access to the source code of website A and manipulate it, which could render the website inoperable.

 

This problem of a lack of security arises with external links where the target="_blank" command is used to open a linked page in a new browser tab. This security deficit does not occur with an external link that is opened in the same browser tab as the website A tab.

 

Consequently, all website operators and SEO experts who equip the anchor tags of external links with the command target="_blank" are called upon to use the rel noopener attribute. Here is an example of how to set the rel noopener attribute in the HTML language:

 

<a href="https://www.timospecht.de/" target="_blank" rel="noopener">

 

rel noopener not only increases the security of your own website, but also protects your own website visitors from damage caused by hacker attacks via [window.open.location] and incorrect URLs. It is one of the most important security aspects when setting external links in link building.

 

For all internal links and especially for those external links where the linked page does not open in a new browser tab, rel noopener does not have to be used.

 

For existing websites that have external links with the command target="_blank", but without the rel noopener attribute, an adjustment is required: all external links must subsequently be equipped with rel noopener. Doing this for all links usually involves an enormous amount of work.

 

Plugins have been developed for some content management systems (CMS), such as the WordPress system, which can be used to add HTML attributes such as rel noopener. One example of such a plugin for WordPress is the "Add Target Fixer" plugin.

 

 

Anchor tags with rel attribute noreferrer: Disguise the origin of the link

Normally, website B, which receives a link from website A, can check the origin of the link - I mean:

 

The operator of website B is informed from where the users find their website. However, if the operator of website A sets the rel noreferrer attribute in the tag for the link to website B, the operator of the other website can no longer see the origin of the link; instead of a URL of website A, for example, Google Analytics displays the note "(direct) / (none)".

 

The rel noreferrer attribute should be used when operators of linked websites should not know which website is linking to them. There is no known case in which the origin of the link should be concealed from website operators, but rel noreferrer was introduced for such cases. How to use rel noreferrer correctly:

 

<a href=“https://www.timospecht.de/“ target=“_blank“ rel=“noreferrer“>

 

For the majority of external links, the use of the rel noreferrer attribute is even undesirable. Especially in affiliate marketing, where website operators set affiliate links to other websites and receive a commission if new customers are successfully marketed, the use of the rel noreferrer attribute is completely pointless.

 

Affiliate partners need to know among themselves where the customers come from in order to be able to allocate the commission payments correctly.

 

 

Combination of different HTML attributes: noopener, noreferrer, nofollow and others

It is permitted to combine different attributes with each other. Although some SEO agencies and SEO experts combine the attributes rel noopener and rel noreferrer and use noreferrer as rel noopener in the anchor tag, this combination is usually pointless. The reason for this is simple:

 

Because there is no meaningful purpose for rel noreferrer, there is also no purpose for the combination rel noopener noreferrer.

 

It is different with the attribute combination of noreferrer and nofollow. Combining these two attributes is recommended if the external link is to be opened in a new browser tab and if the linked website is not to be visited by the crawlers. The latter - preventing crawling - is the effect when the nofollow attribute is used.