The plugin adds
rel="noreferrer" to external links in posts, pages and comments.
Quoting 220.127.116.11 of the HTML5 spec,
It indicates that no referrer information is to be leaked when following the link.
If a user agent follows a link defined by an
areaelement that has the
noreferrerkeyword, the user agent must not include a
Referer(sic) HTTP header (or equivalent for other protocols) in the request.
rel="noreferrer" is supported by Firefox (since version 33) and Chrome/Safari (added to WebKit in November 2009). It is, to my knowledge, not supported by any version of Internet Explorer. It is supported by Microsoft Edge in Windows 10.
The plugin also adds
<iframe> tags. As defined in the Referrer Policy draft:
The simplest policy is No Referrer, which specifies that no referrer information is to be sent along with requests made from a particular settings object to any origin. The header will be omitted entirely.
referrer attribute is as of this writing not yet supported by the stable version of any browser, but it’s coming. Relevant links:
- Chromium: Feature implementation: Referrer Policy - HTML referrer attribute (see also page on chromestatus.com)
- Firefox: Implement <a> and referrer attribute
- Firefox: Implement <img> referrer attribute
- Firefox: Implement <iframe> referrer attribute
Referrer Policy in in meta tag
This plugin, by default, also sets Referrer Policy to
never via a
meta tag. (
no-referrer is actually the preferred keyword, but it is currently not supported by Microsoft Edge.)
Internal links are whitelisted by default. You can also specify additional domains to whitelist.
If meta referrer is enabled, whitelisting will add
referrer="unsafe-url" (unlesss going from HTTPS to HTTP), although this attribute is not yet supported anywhere (see above).
- Download the latest zip file and extract the
- Upload it to your
- Activate Noreferrer through the Plugins menu in WordPress.
Just activate and you’re good to go. If you don’t like the default settings, go to Settings -> Noreferrer.
How it works
It hooks into
comment_text, modifying the output before display. It doesn’t touch the database. Existing attributes, including existing
rel attributes (such as the one set by
wp_rel_nofollow), are preserved.
Inspired by the Drupal module No referrer.