The rel="noreferrer" attribute indicates that the browser should not send a Referer header when following the link. It enhances privacy by allowing users to avoid leaking referrer information when they click on (or prefetch) links to external sites. It also enhances security by preventing the linked page from gaining access to the linking page via the
There is a Drupal 8 module that provides a filter which, if enabled for a text format, adds a rel="noreferrer" attribute to all external links in user-generated content. You can enable the "No referrer" filter on any of your text formats.
The module also adds a rel="noreferrer" attribute to all external links generated by Drupal core (e.g. menu module).
This module overcomes the issue raised by Google here
The documentation states: When your page links to another page using target="_blank" is also a security vulnerability. The new page has access to your window object via window.opener, and it can navigate your page to a different URL using window.opener.location = newURL
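
A sketch of what such a filter does, as an added example in plain PHP rather than the module's own code: it appends noreferrer to the rel attribute of every link whose host differs from the site's, keeping any rel tokens already present. The function names and the $siteHost parameter are assumptions made for this illustration, and the sample markup is constructed.

```php
<?php
// Added example: not the Drupal module's code. $siteHost is an assumed parameter.

function is_external_href(string $href, string $siteHost): bool
{
    // parse_url() also extracts the host from protocol-relative URLs ("//host/path").
    $host = parse_url(trim($href), PHP_URL_HOST);
    // No host means a relative path, fragment, mailto:, etc.: not an external link.
    return is_string($host) && strcasecmp($host, $siteHost) !== 0;
}

function add_noreferrer(string $html, string $siteHost): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // user HTML is rarely well-formed
    $doc->loadHTML(
        '<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body>' . $html . '</body></html>'
    );
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    foreach ($doc->getElementsByTagName('a') as $link) {
        if (!is_external_href($link->getAttribute('href'), $siteHost)) {
            continue;
        }
        // Keep existing rel tokens (e.g. nofollow) and append noreferrer once.
        $tokens = preg_split('/\s+/', strtolower($link->getAttribute('rel')), -1, PREG_SPLIT_NO_EMPTY);
        if (!in_array('noreferrer', $tokens, true)) {
            $tokens[] = 'noreferrer';
        }
        $link->setAttribute('rel', implode(' ', $tokens));
    }

    // Serialize only the children of <body>, i.e. the original fragment.
    $out = '';
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: one external link, one internal, one protocol-relative.
$sample = '<p><a href="https://other.example/page" target="_blank" rel="nofollow">out</a> '
    . '<a href="/node/1">in</a> <a href="//cdn.example/x">cdn</a></p>';
echo add_noreferrer($sample, 'www.example.com'), "\n";
```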