Noopener

What is Noopener?

The term “noopener” refers to the rel="noopener" HTML attribute that’s added to links set to open in a new browser tab or window for security reasons.

The purpose of this attribute is to provide an additional level of security for site visitors, specifically by preventing a third-party website you link to from taking control over the browser tab through the window object (the window.opener property).

Here’s how it looks in HTML code:

<a href="https://ahrefs.com" rel="noopener" target="_blank">Best SEO tool</a>

Why is Noopener important?

Without the rel=“noopener” attribute, the linked website could take control of the linking page tab in a browser and redirect it to a phishing page or a malicious website. This could be used to steal personal data or install malware.

This attribute on external links protects website visitors from this backdoor hack. And since it doesn’t impact your site’s SEO at all, you can safely use it to maximize security for all of your users.

Since 2017, this attribute has been added automatically to the links that open in a new window or tab in WordPress. However, it can (and should) be added to all external links, not just in WordPress.

The good news is, since 2020, most browsers automatically process links with target_blank (open in new tab/window) as if rel="noopener" is set on them.

Does Noopener impact SEO?

Some site owners have expressed reluctance to use the “noopener” attribute because they’re worried it will affect their site’s SEO.

However, “noopener” has zero impact on SEO, in terms of both crawling and link juice flow. The “noopener” attribute works on the browser level, preventing security vulnerabilities.

Do you need to use noopener on your website?

If you’re using WordPress, then you’re probably using “noopener” automatically. Keep in mind that modern browsers will process links with target_blank as if rel="noopener" is present anyway, but it provides an additional level of safety for your users if they don’t have a modern browser. 

On the other hand, if you don’t use WordPress, it’s a good practice to manually include “noopener” on links that open in a new tab/window. This will protect those visitors who might be using older versions of browsers. 

However, while the use of “noopener” does a good job of protecting users from malicious code, it’s still important to think carefully about where you link to in the first place. By choosing only authoritative and trusted websites to point to, you minimize the risk to your users. 

But in cases where websites change, die, or are resold, today’s good links could be tomorrow’s malicious ones – and you won’t even know about it when they change. That makes “noopener” an important extra layer of security to ensure your users stay safe, no matter which links they click on your site.