Cross-Origin Destinations are Unsafe
Did you know that when you link to another page on your site and open that other page using target="_blank", you can cause performance and security issues? Most folks are unaware. It’s best practice to add either rel="noopener" or rel="noreferrer" to these links to avoid these issues.
- The called page can access your window object using the window.opener property from script, which poses a potential security risk.
- The calling and called page may run within the same browser process, which can cause your site to appear to have poor performance.
This may also show up in a Google Lighthouse audit. Lighthouse is an open-source, automated tool that is aimed at providing insight into your website’s performance. Lighthouse currently operates in both Chrome and the new Microsoft Edge built on Chromium. As an example, when I run Lighthouse against one of my posts inside of Microsoft Edge, I can see that I have links I must update as well:
I have some links I’ll have to update.
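One way to find the links that need updating without running Lighthouse, as an added example that is not part of the original post: a small Python audit that parses a page and lists every link that opens with target="_blank" but carries neither rel="noopener" nor rel="noreferrer". The `audit` function, the sample markup and the host names are constructed for illustration, and "external" here is a hostname comparison only, which is a simplification of a full origin check.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAFE_REL_TOKENS = {"noopener", "noreferrer"}  # either one is enough


class BlankTargetAuditor(HTMLParser):
    """Collects <a>/<area> tags that open a new tab without a protective rel token."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, href, external?)

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("target", "").strip().lower() != "_blank":
            return
        # rel is a space-separated, case-insensitive token list
        if set(attr.get("rel", "").lower().split()) & SAFE_REL_TOKENS:
            return
        href = attr.get("href", "")
        try:
            host = (urlsplit(href).hostname or "").lower()
        except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
            host = ""
        # Hostname comparison only (assumption: one scheme and port per site)
        external = bool(host) and host != self.site_host
        self.findings.append((self.getpos()[0], href, external))


def audit(html, site_host):
    """Return the unprotected target="_blank" links found in html."""
    auditor = BlankTargetAuditor(site_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page, not taken from the original post
SAMPLE = """<p>
<a href="https://other.example/post" target="_blank">external, unprotected</a>
<a href="/about" target="_blank">same site, unprotected</a>
<a href="https://other.example/a" target="_blank" rel="noopener">protected</a>
<a href="https://other.example/b" target="_BLANK" rel="nofollow NoReferrer">protected</a>
<a href="https://other.example/c">same tab, not flagged</a>
</p>"""

if __name__ == "__main__":
    for line, href, external in audit(SAMPLE, "blog.example"):
        print(f"line {line}: {href} ({'external' if external else 'same site'})")
```

Links reported as external are the ones where the opened page is outside your control, so they are the first to fix.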