Back to glossary

Noopener

The noopener attribute is an additional security measure used in HTML links that open in a new window or tab. By adding this attribute to a link, you prevent the opened page from gaining access to the original page via the “window.opener” property, thus reducing the risk of malicious code execution or data theft.

How Noopener Works

To implement the “noopener” attribute, add it to your anchor (a) tags in your HTML code. Here’s an example of how to use the “noopener” attribute:

<a href="https://example.com" target="_blank" rel="noopener">Visit Example.com</a>

In this example, the link opens a new window or tab and navigates to “https://example.com“. The “noopener” attribute ensures that the opened page cannot access the original page’s JavaScript “window.opener” object.

When to Use Noopener

You should use the “noopener” attribute in situations such as:

  1. External links: When linking to external websites that you don’t have control over, using the “noopener” attribute adds an extra layer of security to protect your website and users from potential vulnerabilities.
  2. User-generated content: If your website allows users to add links, it’s a good practice to use the “noopener” attribute to prevent malicious links from compromising your site’s security.

More Resources: