plausible
Redact search params and fragment from referrer
Changes
Redact search params and fragment from referrer
In the referrer URL, the search parameters (following the ?) and the fragment (following the #) might contain personal/sensitive information.
They are already dropped by Plausible server, but I think we could even make them never leave the user's device.
It could be quite frightening for a user observing network requests in their browser's dev tools, to see that sensitive information is sent to Plausible, a third party service they might have never heard of.
Observing that the search params and fragment are not being sent would be reassuring.
(Even with strict-origin-when-cross-origin, search parameters and fragment will be present in the referrer if, for instance, a user middle-clicks a link in the page.)
Note: apologises for dropping a PR here before asking in an issue — the change is so trivial that I preferred to make it directly. Feel free to simply reject it.
Tests
- [x] This PR does not require tests
Changelog
- [x] This PR does not make a user-facing change
Documentation
- [x] This change does not need a documentation update
Dark mode
- [x] This PR does not change the UI
