Is a Meta Tag or rel='noreferrer' a Better Option for Controlling Referrer Information?

The <meta name="referrer" content="no-referrer"> tag, when placed in the <head> section of an HTML document, controls the behavior of the Referer header for all links on the page. Setting it to no-referrer means that no referrer information will be sent when users click on links, whether internal or external.

Differences and Considerations:

• Scope: The <meta> tag applies to all links on the page, while rel="noreferrer" can be applied selectively to individual links.
• Compatibility: Both methods are well-supported in modern browsers, but older browsers may not respect the <meta> tag.
• Analytics: Both methods would prevent the referrer from being sent, which might affect analytics if you're tracking inbound links.
• SEO: Both methods are aligned with Google's guidelines concerning the security of outbound links, but the <meta> tag is a more blanket approach and might not be necessary if you only want to control specific external links.
• Performance and Security: Both rel="noreferrer" and <meta name="referrer" content="no-referrer"> would provide similar security benefits, protecting against Referer header leaks.

Summary:

• If you want fine-grained control over which links should not send a Referer header, use rel="noreferrer".
• If you're okay with a blanket policy of not sending a Referer header for any links on a specific page, then the <meta> tag is an effective solution.

So, yes, <meta name="referrer" content="no-referrer"> could "do the trick" in terms of security, but it will apply universally to all links on the page, not just the external ones that open in a new tab. Make sure this is in line with your requirements before implementing it.

Read more about that on: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy