But the redirection is done over plain HTTP and not HTTPS. If you don't have a wildcard certificate, you could use /r?url=... instead of a subdomain.
Ideally, the best setup would be to use the "noreferrer" attribute on anchor tags. It's a relatively new standard but perhaps you could detect if it's supported and then use that rather than a redirector?
But the redirection is done over plain HTTP and not HTTPS. If you don't have a wildcard certificate, you could use /r?url=... instead of a subdomain.
Ideally, the best setup would be to use the "noreferrer" attribute on anchor tags. It's a relatively new standard but perhaps you could detect if it's supported and then use that rather than a redirector?
https://www.webkit.org/blog/907/webkit-nightlies-support-htm...