Lighthouse flags unsafe links to cross-origin destinations:
Lighthouse uses the following process to identify links as unsafe:
<a>
tags that contain the target="_blank"
attribute but not the rel="noopener"
or rel="noreferrer"
attributes.Because Lighthouse filters out same-host links, there's an edge case you should be aware of if you're working on a large site: if one page contains a target="_blank"
link to another page on your site without using rel="noopener"
, the performance implications of this audit still apply. However, you won't see these links in your Lighthouse results.
Each Best Practices audit is weighted equally in the Lighthouse Best Practices Score. Learn more in The Best Practices score.
Add rel="noopener"
or rel="noreferrer"
to each link identified in your Lighthouse report. In general, when you use target="_blank"
, always add rel="noopener"
or rel="noreferrer"
:
<a href="https://examplepetstore.com" target="_blank" rel="noopener">
Example Pet Store
</a>
rel="noopener"
prevents the new page from being able to access the window.opener
property and ensures it runs in a separate process.rel="noreferrer"
has the same effect but also prevents the Referer
header from being sent to the new page. See Link type "noreferrer".See the Share cross-origin resources safely post for more information.