Could you expand a bit on the issue here? As far as I’m aware the fragment is specifically not part of the search params and is not sent by browsers to the HTTP server. Which logs are you concerned about? I’d assume if an attacker has access to your local browsing history you’ve pretty much already lost.