No referrer Attribute

Submitted by gazza on Fri, 27/04/2018 - 09:35

The rel="noreferrer" attribute indicates that the browser should not send a Referer header when following the link. It enhances privacy by allowing users to avoid leaking referrer information when they click on (or prefetch) links to external sites. It also enhances security by preventing the linked page from gaining access to the linking page via the window.opener object.

There is a Drupal 8 module which provides a filter which, if enabled for a text format, adds a rel="noreferrer"attribute to all external links in user-generated content. You can enable the "No referrer" filter on any of your text formats.

The module also adds a rel="noreferrer" attribute to all external links generated by Drupal core (e.g. menu module).

This module overcomes the issue raised by Google here

The documentation states: When your page links to another page using target="_blank", the new page runs on the same process as your page. If the new page is executing expensive JavaScript, your page's performance may also suffer. In addition to this, target="_blank" is also a security vulnerability. The new page has access to your window object via window.opener, and it can navigate your page to a different URL using window.opener.location = newURL