Not all tracking is user-specific, but you do raise an interesting point, how to (thinking as a site owner) remove personal info from the URL, but still pass that info around locally.

Cookies is one way (if we stick to the ___domain), possibly using sidecar AJAX requests and localState is another.

Or maybe we can leave it all in the URL, but encrypt it with a key in a cookie, thus without the cookie, the info is recognized as foreign when passed around. Hmm yeah, not bad.