path: root/devdocs/html/attributes%2Frel%2Fnoopener.html
blob: ec1438cc8ab8f6de6f83ddd9a71c4d6da5a64c74 (plain)
<header><h1>rel=noopener</h1></header><div class="section-content">
<p>The <code>noopener</code> keyword for the <a href="../rel"><code>rel</code></a> attribute of the <a href="../../element/a"><code>&lt;a&gt;</code></a>, <a href="../../element/area"><code>&lt;area&gt;</code></a>, and <a href="../../element/form"><code>&lt;form&gt;</code></a> elements instructs the browser to navigate to the target resource without granting the new browsing context access to the document that opened it — by not setting the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/opener"><code>Window.opener</code></a> property on the opened window (it returns <code>null</code>).</p>
<p>This is especially useful when opening untrusted links, in order to ensure they cannot tamper with the originating document via the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/opener"><code>Window.opener</code></a> property (see <a href="https://mathiasbynens.github.io/rel-noopener/" target="_blank">About rel=noopener</a> for more details), while still providing the <code>Referer</code> HTTP header (unless <code>noreferrer</code> is used as well).</p>
<p>Note that when <code>noopener</code> is used, nonempty target names other than <code>_top</code>, <code>_self</code>, and <code>_parent</code> are all treated like <code>_blank</code> in terms of deciding whether to open a new window/tab.</p>
<div class="notecard note" id="sect1"> <p><strong>Note:</strong> Setting <code>target="_blank"</code> on <code>&lt;a&gt;</code> elements now implicitly provides the same <code>rel</code> behavior as setting <code>rel="noopener"</code>, which does not set <code>window.opener</code>. See <a href="../../element/a#browser_compatibility">browser compatibility</a> for support status.</p> </div>
</div>
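<p>The following audit script is an added example, not part of the original MDN page. It lists <code>&lt;a&gt;</code>, <code>&lt;area&gt;</code>, and <code>&lt;form&gt;</code> elements that open a new browsing context and reports whether the opener is cut off explicitly, only by the implicit <code>target="_blank"</code> behavior, or not at all. The function names and sample markup are constructed; the handling of <code>rel="opener"</code>, of <code>noreferrer</code> implying <code>noopener</code>, and of named targets getting no implicit protection follows the HTML Standard rather than anything stated on this page.</p>

```javascript
// Constructed sample markup; untrusted.example is a placeholder host.
const SAMPLE_HTML = `
<a href="https://untrusted.example/a" target="_blank">no rel</a>
<a href="https://untrusted.example/b" target="_blank" rel="noopener">explicit</a>
<a href="https://untrusted.example/c" target="reports">named target</a>
<a href="https://untrusted.example/d" target="_blank" rel="nofollow opener">opt-in</a>
<form action="https://untrusted.example/e" target="_blank" rel="NoReferrer"></form>
<area href="/local" target="_self">
`;

// Targets that reuse an existing browsing context: no new window, nothing to report.
const SAME_CONTEXT = new Set(["", "_self", "_top", "_parent"]);

// "explicit":      rel carries noopener (or noreferrer, which implies it).
// "implicit-only": protected only by the target="_blank" default, so browsers
//                  that predate that default still set window.opener.
// "exposed":       the opened page receives window.opener.
function relStatus(target, rel) {
  const tokens = new Set(rel.toLowerCase().split(/\s+/).filter(Boolean));
  if (tokens.has("noopener") || tokens.has("noreferrer")) return "explicit";
  if (tokens.has("opener")) return "exposed"; // author opted back in
  return target.toLowerCase() === "_blank" ? "implicit-only" : "exposed";
}

// Regex scan of start tags; good enough for template linting, but it does not
// handle ">" inside attribute values. Use a real HTML parser for arbitrary input.
function auditOpeners(html) {
  const findings = [];
  for (const [, tag, attrText] of html.matchAll(/<(a|area|form)\b([^>]*)>/gi)) {
    const attrs = {};
    const attrRe = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
    for (const m of attrText.matchAll(attrRe)) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
    }
    const target = attrs.target || "";
    if (SAME_CONTEXT.has(target.toLowerCase())) continue;
    findings.push({
      tag: tag.toLowerCase(),
      url: attrs.href || attrs.action || "",
      target,
      status: relStatus(target, attrs.rel || ""),
    });
  }
  return findings;
}

for (const f of auditOpeners(SAMPLE_HTML)) {
  console.log(`${f.status.padEnd(13)} <${f.tag}> target="${f.target}" ${f.url}`);
}
```

<p>Entries reported as <code>exposed</code> or <code>implicit-only</code> are the ones to fix by adding <code>rel="noopener"</code> wherever the linked resource is untrusted.</p>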
<h2 id="specifications">Specifications</h2>
<div class="_table"><table class="standard-table">
<thead><tr><th scope="col">Specification</th></tr></thead>
<tbody><tr><td><a href="https://html.spec.whatwg.org/multipage/links.html#link-type-noopener">HTML Standard <br><small># link-type-noopener</small></a></td></tr></tbody>
</table></div>
<h2 id="browser_compatibility">Browser compatibility</h2>
<div class="_table"><table>
<thead>
<tr id="bct-browser-type">
<th></th>
<th colspan="6">Desktop</th>
<th colspan="6">Mobile</th>
</tr>
<tr id="bct-browsers">
<th></th>
<th>Chrome</th>
<th>Edge</th>
<th>Firefox</th>
<th>Internet Explorer</th>
<th>Opera</th>
<th>Safari</th>
<th>WebView Android</th>
<th>Chrome Android</th>
<th>Firefox for Android</th>
<th>Opera Android</th>
<th>Safari on iOS</th>
<th>Samsung Internet</th>
</tr>
</thead>
<tbody><tr>
<th><code>noopener</code></th>
<td class="bc-supports-yes">49</td>
<td class="bc-supports-yes">79</td>
<td class="bc-supports-yes"><details><summary>52</summary>Before Firefox 63, <code>rel="noopener"</code> created windows with all features disabled by default. Starting with Firefox 63, these windows have the same features enabled by default as any other window.</details></td>
<td class="bc-supports-no">No</td>
<td class="bc-supports-yes">36</td>
<td class="bc-supports-yes">10.1</td>
<td class="bc-supports-yes">49</td>
<td class="bc-supports-yes">49</td>
<td class="bc-supports-yes"><details><summary>52</summary>Before Firefox 63, <code>rel="noopener"</code> created windows with all features disabled by default. Starting with Firefox 63, these windows have the same features enabled by default as any other window.</details></td>
<td class="bc-supports-yes">36</td>
<td class="bc-supports-yes">10.3</td>
<td class="bc-supports-yes">5.0</td>
</tr></tbody>
</table></div><div class="_attribution">
  <p class="_attribution-p">
    &copy; 2005&ndash;2023 MDN contributors.<br>Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.<br>
    <a href="https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel/noopener" class="_attribution-link">https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel/noopener</a>
  </p>
</div>