Search engines passing query in plain text?

Wondering what your guys’ thoughts are on search engines using GET vs POST and the security implications. In my testing Startpage is the only search engine that doesn’t embed your search string into the <title> tag and also uses POST so your query is not passed in the URI. When you use the other search engines the exact query you perform is stored in your history.
1 Like

Pretty sure this is only a matter of whether your search query gets stored in your local history, as everything after the domain name is encrypted by HTTPS as far as someone listening on the network goes. Also, DuckDuckGo does let you change this in their privacy settings. If this is still a concern to you, you can choose to just disable your history or clear it after each session.


Startpage doesn’t

Startpage has 2 modes you can choose: GET and POST. POST is the default iirc.

1 Like

Thank you for pointing that out!