GoKawiilMay 10, 2026
Chris Morgan is tired of people tacking query strings onto his URLs — e.g. www.robinsloan.com/lab/?like=this&and=this —so he’s configured his website to reject those requests outright, rather than suffer in silence.
Naturally, anybody is free to set up their server in any way they like … however, Chris writes this:
If I wanted to know [where a visitor came from] I’d look at the Referer header; and if it isn’t there, it’s probably for a good reason.
which isn’t really true anymore. For most websites, the majority — not just the plurality, but the majority — of visitors arrive by following a link inside an email or an app (e.g. Instagram, Messages on iOS, the Substack app), neither of which set a Referer header; so, all of those visitors are lumped into a vast slab called Direct or Unknown.
This broken mechanism provides the impetus for the custom query string I append to all outgoing links, utm_source=Robin_Sloan_sent_me : understanding that many/most clicks on links I share will come from my email newsletter, I want the source to be legible, particularly in contexts such as, e.g., Shopify.
This isn’t an argument that Chris Morgan should do anything different — opinionated operator decisions make the internet go round — but rather an opportunity for clarification about the current state of play.
I don’t collect or review analytics of any kind on my websites, so I’m not a consumer of this kind of referral info. Even so, my custom query string is, in my calculation, an expression of digital etiquette: rather than dump a load of anonymous traffic on your doorstep, I reveal who’s linking, so a website or online shop operator can trace it back and get in touch, if wanted or needed. (Memorably, this was useful when the Abrams Planetarium received a wave of new subscriptions and weren’t sure if they were legitimate; a brief email correspondence assured them that yes, these people were real … they were nerdy … they wanted the Sky Calendar!)