All outbound links now include `rel="noopener noreferrer"` attribute.
This security improvement prevents the new page from being able to
access the `window.opener` property and ensures it runs in a separate
process.
`rel="noopener"`:
When a new page is opened using `target="_blank"`, the new page runs
on the same process as the originating page, and has a reference to
the originating page `window.opener`. By implementing
`rel="noopener"`, the new page is prevented to use `window.opener`
property.
It's security issue because the newly opened website could
potentially redirect the page to a malicious URL. Even though
privacy.sexy doesn't have any sensitive information to protect, this
can still be a vector for phishing attacks.
`rel="noreferrer"`:
It implies features of `noopener`, and also prevents `Referer` header
from being sent to the new page. Referer headers may include
sensitive data, because they tell the new page the URL of the page
the request is coming from.
undergroundwires
3a594ac7fd