No Referrer

The rel="noreferrer" attribute enhances privacy by instructing the browser to not send a Referer header when users click on (or prefetch) a link. It also enhances security by preventing the linked page from gaining access to the linking page via the window.opener object.

No Referrer module provides a filter which, if enabled for a text format, adds rel="noreferrer" to external links, rel="noopener" to links with a target, and referrerpolicy="no-referrer" to external resources. You can toggle these attributes on and off if, for example, you want only the security protections of rel="noopener" without the privacy protections of rel="noreferrer".

You will probably want to enable the Add referrerpolicy="no-referrer", rel="noopener" and/or rel="noreferrer" filter on all of your text formats.

No Referrer module also adds rel="noopener" and rel="noreferrer" to links generated by code (e.g. link fields and menu items). On Drupal 7, processing each link may have a small negative impact on site performance, so there is a setting to enable this behavior.

The settings page allows site administrators to define a list of allowed domains for which rel="noreferrer" and referrerpolicy="no-referrer" will not be added. For a network of sites which should share a common list of allowed domains, you can publish your domain allowlist as a JSON file, or subscribe to another site's domain allowlist.

You can support development by contributing or sponsoring.