
I'm using Firefox. I see a lot of r.duckduckgo.com entries in my history.

Edit: I can't replicate in Chrome or Safari, but if I change my user-agent in Safari, it begins hijacking my URLs. The JavaScript is obfuscated, so it's hard to tell if it's actually checking for Firefox or not. The function it calls is DDG.get_http_redirect.



You can read more about that here: https://duck.co/blog/https-on-by-default

It has no privacy impact since we do not store or collect personal information.


> we do not store or collect personal information.

But the redirection is done over plain HTTP and not HTTPS. If you don't have a wildcard certificate, you could use /r?url=... instead of a subdomain.

Ideally, the best setup would be to use the "noreferrer" attribute on anchor tags. It's a relatively new standard but perhaps you could detect if it's supported and then use that rather than a redirector?

https://www.webkit.org/blog/907/webkit-nightlies-support-htm...
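The suggestion in the comment above (use "noreferrer" where the browser supports it, otherwise fall back to a redirector reached over HTTPS at a path rather than a subdomain), sketched as an added example that is not part of the original thread and is not DuckDuckGo's code. `REDIRECT_BASE`, the host `search.example`, and the function names are assumptions made for illustration.

```javascript
// Hypothetical HTTPS redirector endpoint, following the "/r?url=..." shape
// proposed in the comment (path on the main host, so no wildcard certificate).
const REDIRECT_BASE = "https://search.example/r";

// True when the browser reports that it honours rel="noreferrer".
// DOMTokenList.supports() is missing in older engines, so treat that as "no".
function supportsNoReferrer(anchor) {
  const relList = anchor.relList;
  if (!relList || typeof relList.supports !== "function") return false;
  try {
    return relList.supports("noreferrer");
  } catch (e) {
    return false;
  }
}

// Point `anchor` at `targetUrl` without leaking the search URL as a referrer.
// Returns which mechanism was used: "noreferrer" or "redirect".
function protectLink(anchor, targetUrl) {
  const url = new URL(targetUrl); // throws on malformed input
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error("refusing non-web scheme: " + url.protocol);
  }
  if (supportsNoReferrer(anchor)) {
    // Direct link: the browser omits the Referer header itself.
    anchor.rel = "noreferrer";
    anchor.href = url.href;
    return "noreferrer";
  }
  // Fallback: bounce through the redirector, always over HTTPS so the
  // destination is not visible on the wire between user and redirector.
  anchor.rel = "";
  anchor.href = REDIRECT_BASE + "?url=" + encodeURIComponent(url.href);
  return "redirect";
}
```

In a page this would be called once per result link, for example over `document.querySelectorAll("a.result")` (a constructed selector).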


As I mention in a previous comment, if you are using the TOR hidden service (3g2upl4pq6kufc4m.onion/) the redirect goes over a TOR exit node without https. Ideally it should use the hidden service so no exit node is involved, or at the least use HTTPS.



