I have to link some other external sites.
I know when to use nofollow. But I am not clear when I should use rel=noreferrer.
noreferrer doesn't just block the HTTP referrer header; it also prevents a JavaScript exploit involving window.opener.
Link
Looks innocuous enough, but there's a hole because, by default, the page that's being opened is allowing the opened page to call back into it via window.opener. There are some restrictions, being cross-domain, but there's still some mischief that can be done:
window.opener.location = 'http://gotcha.badstuff';
With noreferrer, most browsers will disallow the window.opener exploit.
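An added example, not part of the original answer: a Node.js audit that finds links which open a new window without rel="noreferrer" and rewrites them to include it. It assumes the affected links use target="_blank" and that the markup is well-formed; the function names and sample hosts are constructed, and `noopener` (not mentioned in the answer) is also accepted because it likewise clears window.opener.

```javascript
// Added example (not from the original answer). The regex scan assumes
// well-formed markup; it is a simplification, not a full HTML parser.
const SAFE_REL = ['noreferrer', 'noopener']; // either one nulls window.opener
const ANCHOR = /<a\s[^>]*>/gi;               // "<a ...>" opening tags

// Parse one "<a ...>" opening tag into a Map of lowercase attribute names.
function parseAttrs(tag) {
  const attrs = new Map();
  const re = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+)))?/g;
  for (const m of tag.slice(2, -1).matchAll(re)) {
    attrs.set(m[1].toLowerCase(), m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// True when the link opens a new window and leaves window.opener reachable.
function exposesOpener(attrs) {
  if ((attrs.get('target') || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.get('rel') || '').toLowerCase().split(/\s+/);
  return !SAFE_REL.some((token) => rel.includes(token));
}

// Return the href of every anchor that exposes window.opener.
function findExposedLinks(html) {
  return [...html.matchAll(ANCHOR)]
    .map(([tag]) => parseAttrs(tag))
    .filter(exposesOpener)
    .map((attrs) => attrs.get('href') || '');
}

// Rewrite exposed anchors so rel includes noreferrer, keeping existing tokens.
function hardenLinks(html) {
  return html.replace(ANCHOR, (tag) => {
    const attrs = parseAttrs(tag);
    if (!exposesOpener(attrs)) return tag;
    if (!attrs.has('rel')) return tag.slice(0, -1) + ' rel="noreferrer">';
    const rel = (attrs.get('rel') + ' noreferrer').trim();
    const relAttr = /(\s)rel(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?(?=[\s>])/i;
    return tag.replace(relAttr, (_, sp) => `${sp}rel="${rel}"`);
  });
}

// Constructed sample markup; the hosts are placeholders.
const SAMPLE = [
  '<a href="https://a.example/" target="_blank">exposed</a>',
  '<a href="https://b.example/" target="_blank" rel="nofollow">exposed</a>',
  '<a href="https://c.example/" target="_blank" rel="nofollow noreferrer">ok</a>',
  '<a href="https://d.example/">same window</a>',
].join('\n');
console.log(findExposedLinks(SAMPLE));
```

Running `hardenLinks` over a template and then `findExposedLinks` over its output should return an empty list, which makes the pair usable as a build-time check.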