Surely that must use conventional HTTP referrer data—for which we have well established standards, decades of experience managing interactions and edge cases, and norms for respecting user consent—and not some apparently wishful query parameter?
A user agent SHOULD NOT send a Referer header field if the referring resource was accessed with a secure protocol and the request target has an origin differing from that of the referring resource, unless the referring resource explicitly allows Referer to be sent. A user agent MUST NOT send a Referer header field in an unsecured HTTP request if the referring resource was accessed with a secure protocol.
In other words, it's not guaranteed that this Referer header is set. One can of course choose to remove the query parameter.
aendruk|1 year ago
mrngm|1 year ago