I’ve banned query strings

🗓️ 2026-05-08 • Tagged /web, /opinions, /meta=only

I don’t like people adding tracking stuff to URLs.
Still less do I like people adding tracking stuff to my URLs.

https://chrismorgan.info/no-query-strings?ref=example.com? Did I ask?
If I wanted to know I’d look at the Referer header; and if it isn’t there, it’s probably for a good reason.
You abuse your users by adding that to the link.

https://chrismorgan.info/no-query-strings?utm_source=example&utm_&c.?
Hey! That one’s even worse, UTM parameters are for me to use, not you.
Leave my URLs alone.

So I’ve decided to try a blanket ban for this site: no unauthorised query strings.

At present I don’t use any query strings.
If I ever start using any query strings, I’ll allow only known parameters.
(In past times I used ?t=… and ?h=… cache-busting URLs for stylesheet URLs;
and I decided I’m okay breaking such requests; there shouldn’t be any legitimate ones.)

Want to see what happens if you add a query string? Go ahead, try it.

It’s my website: I can do what I want with it.

And you can do what you want with yours!

This is currently implemented in my Caddyfile.

Aside: this page’s URL

It was very tempting to publish this at https://chrismorgan.info/? (path «», query ).

This would have broken a lot of common but incorrect assumptions, and made some tools cry:
curl, for example, seems to illegitimately strip a trailing question mark
(could be only for the command line, didn’t test library usage).

In the end, I decided to respect the notion of path and have mercy on people.
Myself most of all; I’m already pushing Caddy in enough directions it’s not happy with.

My next plan was to publish it at /%3F (path «?», query null),
but I guess no one has ever tried doing such stupid things with Caddy before;
if try_files rewriting is involved it can’t cope.

So /no-query-strings will do.
I’ll probably use /? or /%3F later for something else about query strings.