CSP: disown-opener

This feature is no longer recommended. Though some browsers might still support it, it may have already been removed from the relevant web standards, may be in the process of being dropped, or may only be kept for compatibility purposes. Avoid using it, and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.

The HTTP Content-Security-Policy (CSP) disown-opener directive restricts which the URLs which would get the window.opener when opened with a click or via window.open link on a can be loaded using script interfaces.

Note: Use rel=noopener and rel=noreferrer instead on individual links.


Since this feature is not a part of any official specification, the syntax is subject to change.


There are no useful examples at this time.


Not a path of official specification yet, it was initially incorporated into a draft of CSP Level 3, but then removed before publication.

Browser compatibility

Update compatibility data on GitHub
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Chrome No support NoEdge No support NoFirefox No support NoIE No support NoOpera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No


No support  
No support
Experimental. Expect behavior to change in the future.
Experimental. Expect behavior to change in the future.

See also

  • rel="noopener" and rel="opener"

Document Tags and Contributors

Contributors to this page: bershanskiy
Last updated by: bershanskiy,