When you open another page using
target="_blank", the other page may
run on the same process as your page, unless Site Isolation is enabled.
also suffer. See The Performance Benefits of
The other page can access your
window object with the
This exposes an attack surface because the other page
can potentially redirect your page to a malicious URL.
See About rel=noopener.
rel="noreferrer" to each of the links that Lighthouse
has identified in your report. In general, when you use
<a href="https://examplepetstore.com" target="_blank" rel="noopener"> Example Pet Store </a>
rel="noopener"prevents the new page from being able to access the
window.openerproperty and ensures it runs in a separate process.
rel="noreferrer"attribute has the same effect, but also prevents the
Refererheader from being sent to the new page. See Link type "noreferrer".
Lighthouse uses the following algorithm to flag links as
- Gather all
<a>nodes that contain the attribute
target="_blank"and do not contain the attribute
- Filter out any same-host links.
Because Lighthouse filters out same-host links, there's an edge case that you
might want to be aware of if you're working on a large site. If your page opens
a link to another section of your site without using
performance implications of this audit still apply. However, you won't see these
links in your Lighthouse results.