Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started
Security ChecksReverse Tabnabbing Protection
ContentMedium PriorityFree

Reverse Tabnabbing Protection

Updated June 2026·SecScanner Team

Reverse tabnabbing is an attack where a page opened via target="_blank" can hijack the original tab using the window.opener API.

Why It Matters

Without rel="noopener", a malicious page opened in a new tab can redirect the original tab to a phishing page. Users may not notice the change and enter credentials on the fake page.

How We Check

We scan all anchor tags with target="_blank" and verify they include rel="noopener" or rel="noreferrer" attributes.

How to Fix

Add rel="noopener noreferrer" to all links with target="_blank". Modern browsers add noopener by default for target="_blank", but explicit attributes ensure protection in older browsers.

Frequently Asked Questions

What is Reverse Tabnabbing Protection?

Reverse tabnabbing is an attack where a page opened via target="_blank" can hijack the original tab using the window.opener API.

Why does Reverse Tabnabbing Protection matter for website security?

Without rel="noopener", a malicious page opened in a new tab can redirect the original tab to a phishing page. Users may not notice the change and enter credentials on the fake page.

How do I fix Reverse Tabnabbing Protection issues?

Add rel="noopener noreferrer" to all links with target="_blank". Modern browsers add noopener by default for target="_blank", but explicit attributes ensure protection in older browsers.

Related Security Checks

Headers

Content Security Policy (CSP)

Headers

Frame Security Policy

Check Your Website Now

Run a free security scan to check for Reverse Tabnabbing Protection issues and 62+ other security vulnerabilities.

Scan Your Website Free

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.