No-opener is an HTML attribute written as rel=”noopener” and used in outbound links. But why use no-opener in links?
A simple answer is that webmasters use this tag in a link’s HTML code to add an extra layer of security to their pages to safeguard their users from phishing scams.
Let’s understand this interesting tag and its impact on online security in this FastLinky Blog post.
rel=”noopener” | A tag in an external link’s HTML code that prevents the destination page from knowing the details of the referral page. |
target”=_blank” | An attribute that determines where the new document will open after a link is clicked. |
HTML (Hypertext Markup Language) | A programming language used to build websites. |
External Links (also known as outbound links) | A link on your page that takes users to pages of another website for related additional information. |
Phishing | An online scam where users are tricked into clicking on a link that opens a page designed to steal their sensitive data like passwords. |
Tabnabbing | Hackers can hijack an inactive tab and direct users to malicious pages that look like the original ones. This is called tabnabbing. |
Clickjacking | A hacking technique where hyperlinks are hidden beneath legit links to trick users into clicking on malicious links. |
Hacker | A cybercriminal who gains unauthorised access to a network or computer system to steal data or harm computers. |
Hijack | An unauthorised access to a user’s data or session by a hacker. |
Destination Page | The page of another website a user will view after clicking on an external link on your page is called the destination page. |
Referral Page | Your page that carries the external link that takes users to the pages of other websites is called the referral page. |
JavaScript | A programming language used to build interactive webpages. |
Internal Links | Links that connect different pages on the same website. |
Malware | a kind of software hackers use to steal data or harm a computer. |
SEO (Search Engine Optimisation) | A process to improve a webpage’s ranking in search results for greater online visibility. |
SERP (Search Engine Results Page) | One of the many pages that Google returns against a search query. |
Crawling | The process through which search engine algorithms evaluate and index a webpage. |
Link Equity (also known as link juice) | The value an authoritative website attaches to your pages when it links its content to yours through external links. |
SEO Spam (also known as Spamdexing) | An unethical practice of manipulating search engines for a site’s better SERP ranking. |
To understand why use no-opener in links, you must first understand what this tag is and its relationship to cyber security.
A noopener tag is added to the HTML code of an external link that prevents the destination page from gathering any sensitive details of the referral page.
This tag is written as rel=”noopener” in the HTML.
Webmasters provide outbound links in their content so their users can get valuable relevant and additional information.
This attribute in an outbound link’s HTML code will open the link in a new tab.
Let’s look at an example. Suppose you give an external link to FastLinky and you want it to open in a new tab.
The HTML code for this purpose may look like this–
<a href=”http://www.fastlinky.com”>click to visit FastLinky.com</a>
This will appear on your page as an outbound link to FastLinky and may look like ‘Click to visit Fastlinky.com’.
But when a user clicks on this link, FastLinky will open on the same browser tab he is using.
You may not want this.
Opening linked pages on the same tab is fine so long as the links are Internal and will keep your users on pages of your website.
But you may not want them to leave your page and visit FastLinky. At the same time, you also want them to visit FastLinky for valuable additional information.
What to do?
The thing to do is to use a target”=_blank” attribute in the HTML of your external link to FastLinky.
The link will then open in a new tab and the user will stay on your page in the original tab. The link then may look like this–
<a href=”http://www.fastlinky.com” target”=_blank”>Click to visit FastLinky.com</a>
This solves your problem, right?
Wrong! This is the beginning of your and your users’ problems.
Now I’ll give you some alarming statistics about a dangerous cybercrime namely phishing, for which this attribute is primarily used.
These data will help you understand what occasioned this key question we are discussing, why use no-opener in links.
According to a 2024 study, during the first quarters of 2024, a total of 999,956 phishing sites were detected and they mostly target social media platforms.
In 2023 alone, a total of 8.9 million incidents of phishing scams occurred worldwide,
Now let’s take a look at the hacker’s all-time favourite phishing technique called tabnabbing. This rel=”noopener” fights this particular phishing attack most efficiently.
So you have retained your user with you in their original tab and let them visit FastLinky in a new tab.
While they navigate FastLinky, their original tab containing the referral page (your page) remains inactive.
A hacker has been eagerly waiting just for this.
He will launch a phishing attack called tabnabbing to hijack the link to the original tab and put a malicious page in its place that looks exactly like the original referral page.
When the user returns to the referral page, he will have no idea that it was not the referral page that sent him to the destination page of FastLinky.
Completely trusting the referral site, he may key in sensitive data like username-password combination etc. which the hacker will gleefully note down for future reference.
Here lies the real answer to the question, why use no-opener in links.
A rel=”noopener” tag can help parry this phishing blow.
This job of this phisher becomes even easier when a user multitasks on many tabs.
The more a tab remains inactive, the easier it is for the hacker to hijack it and replace it with a dangerous fake.
Adding a rel=”noopener” attribute to the outbound link’s HTML may help prevent this phishing.
This is because it will allow the webmaster to direct his users to other sites on new tabs, but will not allow the destination page to know details of the referral page.
This tag specifically stops hackers from hijacking the referral page through JavaScript.
In short, no sensitive details are compromised.
Now let’s get back to our FastLinky example. If you add this no-opener attribute to the external link’s HTML, the link may look like this–
<a href=”http://www.fastlinky.com” target”=_blank” rel=”noopener”>Click to visit FastLinky.com</a>
Remember one thing though, these hackers are pretty ingenious guys with brilliant coding expertise. They usually find a way.
So don’t think for a moment that adding a no-opener tag will make your site completely inured to tabnabbing.
But it will mitigate the menace to a great extent. That is why webmasters use no-opener tags in external links.
So, why use no-opener in links?
Here are the benefits of rel=”noopener” tag.
Many webmasters are reluctant to use this no-opener tag in their outbound links, thinking it is contraindicated in SEO campaigns.
Since we are discussing why use no-opener in links, I think we should deal with this aspect of this link attribute a little.
Far from harming SEO campaigns, this noopener attribute significantly improves SEO outcomes.
Here are some major reasons for this.
An answer to this question, why use no-opener in links, can be that it provides an extra security layer without interfering with search engine crawlers.
Googlebot will crawl and index pages with or without rel=”noopener” attributes, resulting in no disturbance either in crawling or link equity flow.
This means, neither the referral page nor the destination page will feel any negative SERP impact.
Coupled with the target”=_blank” attribute, rel=”noopener” tag will keep your visitors on your page, even when they navigate pages on other domains.
This will increase their session time with you, which is a key indicator of an efficient on-page SEO campaign.
This rel=”noopener” works on the browser level. It stops destination pages from collecting sensitive information from referral pages.
This largely mitigates the possibility of malicious phishing or hacking of websites and computers.
Thus this useful HTML attribute of external links adds an extra defensive layer to the security cover and helps plug security loopholes.
By stopping destination pages from accessing the data of referral pages, rel=”noopener” may help webmasters reduce the incidents of SEO spam, especially, clickjacking.
Generally, adding this rel=”noopener” is strongly recommended to your external links, especially to those that open in new tabs.
This provides you and your users with an extra layer of security by making things tougher for phishers and hackers.
Besides, another answer to our key question, why use no-opener in links, is that it even improves your SEO campaign by reducing SEO spam like clickjacking.
Due to this security consideration, modern browsers automatically add this tag to external links with target”=_blank” attributes.
You need not and should not use rel=”noopener” attribute to your internal links’ HTML. This tag is designed to work best with external links.
Besides, it may confuse search engine crawlers and give out wrong or faulty Google Analytics reports.
There is no need to add this attribute to your external links to reputed authoritative sites. Even if they know you have linked your content to theirs, no harm done. They won’t phish.
If you are not using a target=”_blank” attribute in your external link, there is no need to add rel=”noopener” to it as this tag is used in links that open in new tabs.
While answering our key question, why use no-opener in links, we’ve learned that along with a target=”_blank” attribute, this rel=”noopener” tag provides you and your users an extra layer of security.
By hiding sensitive data from the destination pages, this attribute provides your external links with a feature that prevents them from accessing sensitive referral page data.
Given the growing cybercrime scenario, you cannot be too cautious while linking your pages to pages belonging to other websites.
But you should not and need not use these links in your internal links or while linking to reputed authoritative sites.
A. no-opener or rel=”noopener” tag is an attribute webmasters add to their external links’ HTML to hide sensitive data from linked pages.
A. This is an external link HTML attribute that opens outbound links in new tabs.
A. This tag, along with target=”_blank”, helps reduce phishing attacks like clickjacking by hiding sensitive data from destination pages.
A. You should not use rel=”noopener” in your internal links and also while externally linking your pages to reputed authoritative sites. If you are not using target=”_blank” tag, you needn’t use this noopener attribute either.