We're looking to hide/null out the referrer on hyperlinks from a secure web application of ours so that external web sites don't become aware of our non-public secure web site. It appears that rel="noreferrer" would be a great way to do that, but there's so little discussion or documentation around it that I'm curious as to how well it's supported.

Is rel=noreferrer supported by HTML5-compliant webkit browsers?

It was implemented a couple of years ago and there's no build flag to turn it off.

So if it's a recent version of WebKit, then yes, it's supported.

I wouldn't rely on newer browser features for security. Maybe open the link with target _blank or, even better security wise, scrub the headers with your webserver or firewall.