Early last year, I wrote about the security and performance implications of setting target="_blank" on links. I said that when doing this, you should also set rel="noopener". This prevents the new page from having access to your page via the window.opener property. Since then, it seems that some browsers have implemented a security improvement.

At the time of writing, setting target="_blank" automatically implies rel="noopener" in some modern browsers. This excludes Opera, Android WebView, and Samsung Internet. If you'd like to know more, you can check the full browser support info.

<!-- In some modern browsers, this: -->
<a
    href="https://gomakethings.com"
    target="_blank"
>
    Go Make Things
</a>

<!-- Is equivalent to this: -->
<a
    href="https://gomakethings.com"
    target="_blank"
    rel="noopener"
>
    Go Make Things
</a>

I'd argue that you probably shouldn't set target="_blank" anyway. But if you must, I think the excluded browsers' market share is significant enough that you should still set rel="noopener". This is especially true of Android WebView, which is what the "in-app" browsers use.
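
For browsers that do not imply noopener, a small script can make the attribute explicit on markup that already exists. This is an added example, not code from the original post: the function names are hypothetical, and it assumes that a link carrying rel="opener" was set that way on purpose, so it reports such links instead of changing them.

```javascript
// Added example: make rel="noopener" explicit on links that open a new tab.
// Function names are hypothetical; nothing here is from the original post.

// Split a rel value into lowercase tokens (rel is a space-separated list).
function relTokens(rel) {
  return (rel || '').toLowerCase().split(/\s+/).filter(Boolean);
}

// Decide what to do with one link:
//   'ok'       - not target="_blank", or already noopener/noreferrer
//   'opted-in' - rel="opener" was set on purpose; left alone for review
//   'fixed'    - noopener appended, other rel tokens preserved
function hardenLink(link) {
  const target = (link.getAttribute('target') || '').toLowerCase();
  if (target !== '_blank') return 'ok';

  const rel = link.getAttribute('rel');
  const tokens = relTokens(rel);
  // noreferrer also severs window.opener, so either token is enough.
  if (tokens.includes('noopener') || tokens.includes('noreferrer')) return 'ok';
  if (tokens.includes('opener')) return 'opted-in';

  link.setAttribute('rel', rel && rel.trim() ? rel.trim() + ' noopener' : 'noopener');
  return 'fixed';
}

// Run over every anchor under root and return a count per outcome.
function hardenBlankLinks(root) {
  const counts = { ok: 0, 'opted-in': 0, fixed: 0 };
  for (const link of root.querySelectorAll('a[target]')) {
    counts[hardenLink(link)] += 1;
  }
  return counts;
}

// In a browser, apply it to the current page once the DOM is parsed.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    console.log('target="_blank" audit:', hardenBlankLinks(document));
  });
}
```

Links inserted after DOMContentLoaded are not covered, so markup generated later still needs the attribute set at the point where it is created.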