Home / Tools / Add rel="noopener" to links that open in a new tab
Content & Files · Scan Check Guide

Add rel="noopener" to links that open in a new tab

20 min Impact: medium Effort: low ✓ Scan-verified — no manual checkbox

Any link on your site that opens in a new tab (target="_blank") without rel="noopener" gives that new tab partial JavaScript access back to your original page — a malicious destination site can use this to silently redirect your original tab to a phishing page while the visitor is looking at the new one ("tab-nabbing").

A link with target="_blank" but no rel="noopener" gives the page it opens partial control over your original tab via window.opener — a real technique used to redirect your original tab to a phishing page while the visitor looks at the new one.

How to fix it

  1. 1
    Find every target="_blank" link on your site
    Search your templates/theme for target="_blank" — this often includes social share links, external partner links, and footer links.
  2. 2
    Add rel="noopener" to each
    <a href="..." target="_blank" rel="noopener"> — this single attribute closes the vulnerability with zero visible change to the link's behavior.
  3. 3
    Add noreferrer too if you don't want to leak referrer data
    rel="noopener noreferrer" also prevents the destination site from seeing which page on your site linked to them.

Common mistakes

How you'll know it's done

Every target="_blank" link on your site includes rel="noopener".

H.I.V.E. checks this automatically

Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.

Run this check in H.I.V.E. →