TechQA.

What is the difference between using Cross-Origin-Opener-Policy and rel="noopener noreferrer"?

1.1k views Asked by At

The Cross-Origin-Opener-Policy header seems to be quite similar to what the rel="noopener noreferrer" attribute does when opening document in a new tab (target="_blank").

When should I use which one? It seems the COOP header is applicable when I link between origins while the rel="noopener noreferrer" attribute (on anchor tags) seems to work on the same origin as well.

The COOP header also doesn't work over HTTP.

Should I use both? They seem to be quite complimentary.

I am a bit confused here.

websecurity window.opener cross-origin-opener-policy
Original Q&A
1

There are 1 answers

0
gaurav5430 On BEST ANSWER

As much as I understand:

COOP will allow you to block access to your window object if someone opens your window from their window, while noreferrer / noopener is for when you don't want the windows that you open as child, to have access to your window object.

  • COOP blocks window access when you window is opened as child
  • noreferrer / noopener blocks window access when your window is the parent

Related Questions in WEBSECURITY

Related Questions in WINDOW.OPENER

Related Questions in CROSS-ORIGIN-OPENER-POLICY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions