I’ve banned query strings

Source: Hacker News

🗓️ 2026-05-08 • Tagged web, opinions, meta=only

Why query strings are a problem

I don’t like people adding tracking stuff to URLs.
Even less do I like people adding tracking stuff to my URLs.

https://chrismorgan.info/no-query-strings?ref=example.com?

Did I ask? If I wanted to know I’d look at the Referer header; and if it isn’t there, it’s probably for a good reason. Adding such parameters abuses your users.

https://chrismorgan.info/no-query-strings?utm_source=example&utm_*&c.*?

That one’s even worse. UTM parameters are for me to use, not you. Leave my URLs alone.

The decision: ban unauthorised query strings

I’ve decided to try a blanket ban for this site: no unauthorised query strings.

• At present I don’t use any query strings.
• If I ever start using them, I’ll allow only known parameters.
• In the past I used ?t=… and ?h=… cache‑busting URLs for stylesheet URLs; I’m okay breaking such requests because there shouldn’t be any legitimate ones.

Test it yourself

Want to see what happens if you add a query string?
Try it here – go ahead, give it a shot.

It’s my website: I can do what I want with it.
And you can do what you want with yours!

This is currently implemented in my Caddyfile.