diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6fe26855bc..9e3a58c595 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -316,7 +316,7 @@ These changes were introduced in:
#### Update the Pagination component's default `aria-label`
-The default value of the Pagination component's `aria-label` has been updated to be more descriptive of the contents of the region. If you are using the component's default label, you may wish to update it to the new value.
+The default value of the Pagination component's `aria-label` has been updated to be more descriptive of the contents of the region. If you are using the component's default label, you may wish to update it to the new default of 'Pagination'.
You don't need to change anything if you're using the `govukPagination` Nunjucks macro.
@@ -324,19 +324,29 @@ This change was introduced in [pull request #3899: Update default `aria-label` i
#### Update the Exit this Page button's default text
-The default text of the Exit this Page button has been updated to indicate that the button is a safety tool and not a generic method of leaving the current page. If you are using the component's default label, you may wish to update it to the new value.
+The default text of the Exit this Page button has been updated. It now includes visually-hidden text to clarify that the button is a safety tool and not a generic method of leaving the current page.
-```diff
-
-- Exit this page
-+ Emergency Exit this page
-
-```
+If you are using the component's default text, you may wish to update it to the new value: `Emergency Exit this page`
You don't need to change anything if you're using the `govukExitThisPage` Nunjucks macro.
This change was introduced in [pull request #3989: Update default Exit This Page button text](https://github.com/alphagov/govuk-frontend/pull/3989).
+#### Add the `rel` attribute to the Exit this Page button and secondary link
+
+Update the Exit this Page button and secondary link to include a new attribute and value: `rel="nofollow noreferrer"`.
+
+Adding this attribute does two things:
+
+1. It instructs search engines that your service does not endorse the external website for the purposes of determining search engine rankings.
+2. It instructs web browsers to not send information about your service to the external website.
+
+This fixes a potential risk where the external website could detect that a user had visited from a GOV.UK page and play that information back to the user, which could risk a user's personal safety in some contexts.
+
+You don't need to change the Exit this Page button if you're using the `govukExitThisPage` Nunjucks macro. You will still have to update the secondary link manually.
+
+This change was introduced in [pull request #4054: Add `rel` attribute to the Exit this Page button](https://github.com/alphagov/govuk-frontend/pull/4054). Thanks to [Greg Tyler](https://github.com/gregtyler) for reporting this issue.
+
### Fixes
We’ve made fixes to GOV.UK Frontend in the following pull requests:
diff --git a/packages/govuk-frontend-review/src/views/examples/exit-this-page-with-skiplink/index.njk b/packages/govuk-frontend-review/src/views/examples/exit-this-page-with-skiplink/index.njk
index da3a1db462..5d8d9105f0 100644
--- a/packages/govuk-frontend-review/src/views/examples/exit-this-page-with-skiplink/index.njk
+++ b/packages/govuk-frontend-review/src/views/examples/exit-this-page-with-skiplink/index.njk
@@ -8,7 +8,10 @@
{{ govukSkipLink({
href: "https://www.gov.uk/",
text: "Exit this page",
- classes: "govuk-js-exit-this-page-skiplink"
+ classes: "govuk-js-exit-this-page-skiplink",
+ attributes: {
+ rel: "nofollow noreferrer"
+ }
}) }}
{% endblock %}
diff --git a/packages/govuk-frontend-review/src/views/full-page-examples/child-maintenance/index.njk b/packages/govuk-frontend-review/src/views/full-page-examples/child-maintenance/index.njk
index 95e37778c8..1fea5a3f8a 100644
--- a/packages/govuk-frontend-review/src/views/full-page-examples/child-maintenance/index.njk
+++ b/packages/govuk-frontend-review/src/views/full-page-examples/child-maintenance/index.njk
@@ -34,7 +34,11 @@ scenario: >-
{{ super() }}
{{ govukSkipLink({
href: "https://bbc.co.uk/weather/",
- classes: "govuk-js-exit-this-page-skiplink"
+ text: "Exit this page",
+ classes: "govuk-js-exit-this-page-skiplink",
+ attributes: {
+ rel: "nofollow noreferrer"
+ }
}) }}
{% endblock %}
diff --git a/packages/govuk-frontend/src/govuk/components/exit-this-page/template.njk b/packages/govuk-frontend/src/govuk/components/exit-this-page/template.njk
index 6f3e57637d..104e119c67 100644
--- a/packages/govuk-frontend/src/govuk/components/exit-this-page/template.njk
+++ b/packages/govuk-frontend/src/govuk/components/exit-this-page/template.njk
@@ -15,6 +15,9 @@
html: params.html if (params.html or params.text) else defaultHtml,
text: params.text,
classes: "govuk-button--warning govuk-exit-this-page__button govuk-js-exit-this-page-button",
- href: params.redirectUrl | default("https://www.bbc.co.uk/weather")
+ href: params.redirectUrl | default("https://www.bbc.co.uk/weather"),
+ attributes: {
+ rel: "nofollow noreferrer"
+ }
}) -}}
diff --git a/packages/govuk-frontend/src/govuk/components/exit-this-page/template.test.js b/packages/govuk-frontend/src/govuk/components/exit-this-page/template.test.js
index 1357beecb6..75c03933ea 100644
--- a/packages/govuk-frontend/src/govuk/components/exit-this-page/template.test.js
+++ b/packages/govuk-frontend/src/govuk/components/exit-this-page/template.test.js
@@ -18,6 +18,7 @@ describe('Exit this page', () => {
'Emergency Exit this page'
)
expect($button.attr('href')).toBe('/full-page-examples/announcements')
+ expect($button.attr('rel')).toBe('nofollow noreferrer')
})
})