Easy buddy ! We all were concerned as you are now. Few updates back (WordPress 4.7.4 to be exactly) rel=”noopener noreferrer” to target=”_blank” were appearing on external and internal links that are set to open in a new tab (target_blank) on the website.

This issue was noticed by Jess, our WordPress developer while debugging with codes. Being aware of basic SEO she was fascinated to noreferrer and started dreaming about how all SEO’s will react to this (dream level Ultra Horror).

Well, I too was a bit concerned when Jess brought her laptop and 2 brownies(which she felt will help me calm in this disaster). Generally, noreferrer is understood as referring nobody or no-follow in the case of SEO but it is not.

No-follow tags are a mixed dream of SEO’s as using them on site stop the flow of link juice to flow from one site to another, which directly affects ranking and PA of a page.

 

So what are noopener and noreferrer tags?

rel=”noopener”
rel=”noopener” basically disowns its opener when a link is opened in new tab. This means that its window.opener property will be null when opening a link in a new tab, instead of same page from where the link was opened.

rel=”noreferrer”
noreferrer is a new link type added in HTML5 which hides the source of the traffic going from the website. Technically it stops the browser from sending a HTTP referrer header if the user follows the hyperlink.

Does noopener and noreferrer affects my SEO?

No, as per Moz community discussion. The tag deals with security aspect of a link but not the SEO part. This tag only serves its purpose when they don’t want referrer information such as Browser, OS, region to get passed along.

UPDATE: WordPress has discarded noreferrer and is using noopener only. This update is a very relaxing for analytics companies as its continuity would have created a chaos because of undefined data received in analytics.noopener-default

 

How noopener and noreferrer tags help in security?

Noopener and noreferrer tags were the initiative towards stopping a vulnerability which is exploited with links which are opened in new tab. Very few of the members were aware of this vulnerability, so WordPress took this initiative to improve their users’ security.

Reverse Tabnabbing is a phishing attack where the attacker replaces the legitimate and trusted page tab with a malicious document.

Hold your horses, let me explain.  When someone opens a new tab, the phisher detects the referral URL via window.opener and pushes a new url using window.opener.location = newURL.

This way no one will have a clue of falling into phishing attack as they have reached the site from a trusted source (WordPress built website).

Using rel=”noopener” stops the phisher from getting information about the source of the link and any data associated with referrer link.

noreferrer tag is discarded but how it can be used?

For seeing it real time we setup two urls

<a href=”https://www.social9.com/“>Refering from our Dummy Page</a>

<a href=”http://www.social9.com/” rel=”noreferrer”>No Referrer Page</a>

Then we check the log files. Here are the results.

 

Log Entry for 1st URL with no rel=noreferrer :
142.68.XXX.XXX – – [18/May/2017:14:25:01 -0400] “GET / HTTP/1.1” 200 2932 “https://www.social9.com/?p=2432&preview=true” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome58.0.3029 Safari/537.36”

 

Log Entry for 2nd URL with rel=noreferrer :

::1 – – [18/May/2017:14:26:17 -0400] “OPTIONS * HTTP/1.0” 200 125 “-” “Apache/2.4.20 (Ubuntu) PHP/5.5.22-1ubuntu16.04 OpenSSL/1.0.1f (connection created locally)”

It strips down the referring domain, referring IP and information related to the browser used.
This is what I and my team have dug out for noopener and noreferrer tags. We are now clear on the fact that these tags on WordPress site do not affect SEO.

 

For more discussion on this topic, you can comment below.