The <meta name="referrer" content="no-referrer"> tag, when placed in the <head> section of an HTML document, controls the behavior of the Referer header for all links on the page. Setting it to no-referrer means that no referrer information will be sent when users click on links, whether internal or external.
Differences and Considerations:
- Scope: The
<meta>tag applies to all links on the page, whilerel="noreferrer"can be applied selectively to individual links. - Compatibility: Both methods are well-supported in modern browsers, but older browsers may not respect the
<meta>tag. - Analytics: Both methods would prevent the referrer from being sent, which might affect analytics if you're tracking inbound links.
- SEO: Both methods are aligned with Google's guidelines concerning the security of outbound links, but the
<meta>tag is a more blanket approach and might not be necessary if you only want to control specific external links. - Performance and Security: Both
rel="noreferrer"and<meta name="referrer" content="no-referrer">would provide similar security benefits, protecting against Referer header leaks.
Summary:
- If you want fine-grained control over which links should not send a
Refererheader, userel="noreferrer". - If you're okay with a blanket policy of not sending a
Refererheader for any links on a specific page, then the<meta>tag is an effective solution.
So, yes, <meta name="referrer" content="no-referrer"> could "do the trick" in terms of security, but it will apply universally to all links on the page, not just the external ones that open in a new tab. Make sure this is in line with your requirements before implementing it.
Read more about that on: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
COMMENTS