I’ve banned query strings
A web developer declares war on "unauthorized" query strings, implementing a blanket ban on his site and returning a 414 error for unwanted parameters. This bold move, driven by a desire for clean URLs and a stand against tracking, ignites a fiery debate among HN users. The discussion spans from staunch support for privacy and URL hygiene to strong arguments for the legitimate and practical uses of query strings in modern web applications.
The Lowdown
Chris Morgan's recent post announces his decision to implement a strict policy against "unauthorised query strings" on his personal website. This initiative is a direct response to his aversion to tracking parameters and arbitrary additions to his URLs, which he perceives as an intrusion and an abuse of his domain.
- Motivation: Morgan dislikes tracking mechanisms (like UTM parameters) and other unsolicited additions to his site's URLs, stating "You abuse your users by adding that to the link." He prefers to rely on the Referer header for traffic insights.
- Implementation: His site is configured to return a 414 URI Too Long error for any request containing an unknown query string. He humorously acknowledges this might be an "abuse" of 414 but finds it "funnier" than more generic error codes.
- Future Scope: While currently using no query strings, Morgan states that if he ever needs them, he will only permit specific, known parameters.
- Autonomy: The author asserts his right to dictate how his website functions with the declaration: "It's my website: I can do what I want with it."
This provocative stance challenges common web practices, encouraging a discussion on digital etiquette, privacy, and URL management in the internet ecosystem.
The Gossip
URL Purity & Privacy Pushback
Many commenters laud the author's initiative, echoing concerns about tracking parameters and the general "messiness" these additions bring to URLs. They argue that unsolicited query strings bypass user privacy controls (like referrer policies), contribute to poor user experience (especially with excessively long, unshareable links), and are a form of digital "entitlement" when added by third parties. The sentiment is that rejecting such requests is a necessary stand in an era of digital abuse.
The Case for Query String Utility
A vocal segment of the discussion pushed back against a blanket ban, highlighting the indispensable role of query strings for legitimate and beneficial web functionality. They pointed out their critical use in single-page applications for maintaining and sharing application state (e.g., filters, search results, dashboard configurations), which significantly enhances user experience and collaboration. Critics called the author's stance "dogmatic" and argued that blocking all unknown parameters could break legitimate use cases and penalize users who didn't intentionally add them. Examples were given where query strings were essential for features like font loading or for analytics attribution in email campaigns where HTTP headers aren't feasible.
HTTP Status Code Semantics & Snark
The choice of 414 URI Too Long as the error response for unwanted query strings became a point of humorous and technical contention. While some found the author's justification ("funnier this way") amusing and technically defensible (as adding characters *does* lengthen the URI), others argued that 400 Bad Request or 404 Not Found would be more semantically correct from a standards perspective. The 418 I'm a teapot status was also playfully suggested. This discussion underlined the ongoing debate about strict adherence to, or playful subversion of, HTTP protocol conventions.