DEV Community

Cover image for Using "noopener" and ”noreferrer” against Phishing Attacks
Beto Muniz
Beto Muniz

Posted on • Updated on • Originally published at betomuniz.com

Using "noopener" and ”noreferrer” against Phishing Attacks

Want to help users to avoid some Phishing Attacks with HTML?

👉 Use rel="noopener noreferrer" while adding external links to your website to improve user navigation security.

<a rel="noopener noreferrer" href="https://...">
 External Link
</a>
Enter fullscreen mode Exit fullscreen mode

🐿 noopener: tells the browser to remove sensitive data from window.opener object when the user arrives at the destination website.

🤓 noreferrer: protect sensitive data of the origin website removing it from the Referrer header while the user navigates between origin website and destination website.


😋 Super easy security strategy to implement. Adopt this recommendation without moderation.

Top comments (0)