Issues

Security: Unsafe Cross Origin Links

back to issues overview

Unsafe Cross Origin Links

URLs that link to external websites using the target=”_blank” attribute (to open in a new tab), without using rel=”noopener” (or rel=”noreferrer”) at the same time.

Using target=”_blank” alone leaves those pages exposed to both security and performance issues for some legacy browsers, which are estimated to be below 5% of market share.

Setting target=”_blank” on <a> elements implicitly provides the same rel behaviour as setting rel=”noopener” which does not set window.opener for most modern browsers, such as Chrome, Safari, Firefox and Edge.

How to Analyse in the SEO Spider

Use the ‘Security’ tab and ‘Unsafe Cross-Origin Links’ filter to view these URLs.

The external links that contain the target=”_blank” attribute by itself can be viewed in the ‘Outlinks’ tab and ‘target’ column.

They can be exported alongside the pages they are linked from via ‘Bulk Export > Security > Unsafe Cross-Origin Links’.

What Triggers This Issue

This issue is triggered when a URL contains links to external websites using the target=”_blank” attribute (to open in a new tab), without using rel=”noopener” (or rel=”noreferrer”) at the same time.

For example:

<a href="https://www.screamingfrog.co.uk" target="_blank">Screaming Frog</a>

How To Fix

Consider the benefits of including rel=”noopener” link attribute on any links that contain the target=”_blank” attribute to avoid security and performance issues for the users of legacy browsers that may visit the website.

Further Reading

Back to top