mathdown
Security: hide secret doc id from Referer header
Almost not an issue now but blocker for #9: Since the URL is secret, directly linking to external sites would expose the URL in Referer: header.
Should probably use an extra redirect. Is there a way to keep the link structure search-engine friendly? Links on public pages should count as links. OTOH, if they're publicly editable they probably shouldn't to deter spam?
Alternative: I'm again tempted to keep secret portion in #fragment, which should not (though sometimes did) leak via Referer.
Confirmed: clicking ⚠ Alpha quality! ⚠ (link to GH issues) sends Referer: http://mathdown.net/?doc=about to GitHub.
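
The leak confirmed above, and the `#fragment` alternative, can be compared with the following added example (not part of the original issue or the mathdown code base). It computes the `Referer` value for a subset of the standard Referrer Policy values; `refererFor` and `compareLayouts` are hypothetical helper names, and the secret id and `https://github.com/` target are constructed sample inputs.

```javascript
// Added example: what Referer does a browser send for a given page URL,
// link target and referrer policy? Implements a subset of Referrer Policy.

function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  u.username = "";
  u.password = "";
  u.hash = "";                      // the fragment is never part of Referer
  if (originOnly) { u.pathname = "/"; u.search = ""; }
  return u.href;
}

function refererFor(pageUrl, targetUrl, policy = "strict-origin-when-cross-origin") {
  const page = new URL(pageUrl), target = new URL(targetUrl);
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === "https:" && target.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return stripForReferrer(pageUrl, false);
    case "origin": return stripForReferrer(pageUrl, true);
    case "same-origin": return sameOrigin ? stripForReferrer(pageUrl, false) : null;
    case "no-referrer-when-downgrade":          // long-standing browser default
      return downgrade ? null : stripForReferrer(pageUrl, false);
    case "strict-origin-when-cross-origin":     // default in current major browsers
      if (sameOrigin) return stripForReferrer(pageUrl, false);
      return downgrade ? null : stripForReferrer(pageUrl, true);
    default: throw new Error("unsupported policy: " + policy);
  }
}

// Compare the two URL layouts discussed in the issue for one secret id.
function compareLayouts(secret, targetUrl, policy) {
  const inQuery = refererFor("http://mathdown.net/?doc=" + secret, targetUrl, policy);
  const inFragment = refererFor("http://mathdown.net/#" + secret, targetUrl, policy);
  return {
    queryLeaks: inQuery !== null && inQuery.includes(secret),
    fragmentLeaks: inFragment !== null && inFragment.includes(secret),
  };
}

// Constructed sample: a secret doc id linked out to an external site.
for (const p of ["no-referrer-when-downgrade", "strict-origin-when-cross-origin", "no-referrer"]) {
  console.log(p, compareLayouts("s3cr3t-doc-id", "https://github.com/", p));
}
```

Under `no-referrer-when-downgrade` the query layout leaks the id and the fragment layout does not; under the stricter policies neither layout leaks to a cross-origin target.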