Unsafe Cross Origin Links
What This Means
URLs that link to external websites using the target=”_blank” attribute (to open in a new tab), without using rel=”noopener” (or rel=”noreferrer”) at the same time. Using target=”_blank” alone leaves those pages exposed to both security and performance issues for some legacy browsers, which are estimated to be below 5% of market share. Setting target=”_blank” on <a> elements implicitly provides the same rel behaviour as setting rel=”noopener” which does not set window.opener for most modern browsers, such as Chrome, Safari, Firefox and Edge.
What Triggers This Issue
This issue is triggered when a URL contains links to external websites using the target=”_blank” attribute (to open in a new tab), without using rel=”noopener” (or rel=”noreferrer”) at the same time. For example:
<a href="https://www.getasky.com" target="_blank">your site</a>How To Fix
Consider the benefits of including rel=”noopener” link attribute on any links that contain the target=”_blank” attribute to avoid security and performance issues for the users of legacy browsers that may visit the website.