The gov.uk Design System calls this the "Exit a page quickly" pattern [1], with an associated component [2]. It can be activated by clicking the Shift key three times.
There's this nice blog [3] that explains why they chose Shift instead of other keys, and also gives a nice overview of the pattern.
(a class="quickBrowserEscape ..." target="_blank" href="https://www.google.ca/") Need to leave site for your safety? Quick Escape
$('.quickBrowserEscape').on('click', function () {
document.body.style.opacity = 0;
document.title = 'New Tab';
window.open('https://www.weather.gc.ca/canada_e.html', '_blank');
window.location.replace($('.quickBrowserEscape').attr('href')); // removes current page session DOES NOT WORK IN IE
return false;
});
Would recommend picking random URLs from an array.
It’s been a very long time, but as I recall MS recommendations for AD domains and dns collisions changed multiple times. Used to be real problems if you had overlap.
It doesn't wipe from history on Vanadium GrapheneOS (likely same on Android Chrome). It does change its icon to Google and open Google and weather websites.
The Trevor Project (LGBTQ support/suicide prevention site) has the same thing, triggered by a hotkey (press ESC three times). https://www.thetrevorproject.org/
Do you mean something you verified is happening or something you assumed is happening? You can go look at the site OP linked and find out what is happening and if it's a "major security issue". In this case, after user click/intervention, it renames the current history entry to "New Tab". This is not a security issue at all.
Well, it’s right there in the headline that the website wipes itself from history, so I don’t need any realignment of my ability to discern what I’ve read from what I’ve imagined. If all the site is doing is renaming itself New Tab then that sure isn’t newsworthy. Maybe a domestic violence reporting site should just name itself something innocuous in general without the quick escape? But nonetheless, a web site replacing its own history entry with something from another domain sure doesn’t sound secure.
Not to start an argument but in lamence terms, renaming history to "New Tab" is as close to wiping history as a website can manage. Concealing, obfuscating, hiding might have been better words but the non technucal audience would not see an issue with the language. Nuance is important, though and i agree its slightly misleading
I just tested it on both iPhone and Android and it does indeed remove itself from history and replaces with a link to a weather domain. That’s incredible that it is allowed and I can trivially think of a way to get someone to get to a fake banking site right now, or for that matter, fill the history with a series of visits to domestic violence sites or even worse!
I knew about history.replace but I had no idea you could cross sites. Suppose a site, for example, leaves a trail of Amazon Shopping, and curious, you go to it to recall what you did, but it’s Amaz0n instead.
What's weird is with Firefox for Android it's so difficult erasing a site from being remembered. Once visited, in my experience, even after deleting the history entry and last closed tabs item it still auto completes the domain in the addressbar (when it didn't before) and the only workaround is a full history wipe (since the Android version offers no granular timeframe like the desktop version).
So if accidentally clicking some link from some other app that auto opens the default browser it's a PITA to get FF for Android to forget about it.
It only replaces the current page, and VPD is not a single-page app. So if you've been clicking around to find something, the previous pages will still be in your history.
If you need to hide your browsing history from an abusive partner, it would be more secure to use incognito mode and hit Alt+F4 when you need to escape. Unfortunately, Chrome renders incognito windows in dark mode by default. If you're normally on light mode, the transition is extremely conspicuous. Edge and Firefox do the same. It's as if all browser vendors have colluded to make it difficult to browse in secret.
That's funny, right before this I was just reading about how some idiot I knew from back in the day beat the shit out of some stranger on the SkyTrain for his headphones. Maybe it's time to realize how fucked Vancouver is and that the cops aren't the problem
In 2025 Vancouver had the lowest violent crime rate in 23 years. Not that there’s no crime of course but I don’t see that it really constitutes Vancouver being “fucked”.
Not a bad idea, except that *WEB PAGES SHOULD HAVE NEITHER ANY ACCESS TO NOR ANY CONTROL OVER THE HISTORY, PERIOD, AND SOMEBODY NEEDS TO BEAT THE MORONS RESPONSIBLE FOR THIS "WEB PLATFORM" BULLSHIT SENSELESS*.
It's good that a police department has chosen to do this with the misfeature, but the fact that there are non-abusive applications is not an excuse.
The site (vpd.ca) remains in history, just with the name replaced with "New Tab", which the script does just before redirecting. I would be very upset if browsers allowed sites to mess with history.
Any large city's PD is going to be controversial. From the experience of people close to me who work with police, the VPD are better run and have more programs like Car 33 than the RCMP in neighbouring jurisdictions.
Many of the perceived issues come from (I'll say it) corrupt judges who let out career petty criminals on a bail-less "promise to appear." Some officers report arresting the same person twice in one shift.
At least it's not TPS, where the chief likes to protect officers who commit perjury in the name of framing an innocent man for a Sergeant's suicide.
VPD has become notably more controversial after Jim Chu stepped down, before that it was notable how professional they were for a North American police department
The gov.uk Design System calls this the "Exit a page quickly" pattern [1], with an associated component [2]. It can be activated by clicking the Shift key three times.
There's this nice blog [3] that explains why they chose Shift instead of other keys, and also gives a nice overview of the pattern.
[1] https://design-system.service.gov.uk/patterns/exit-a-page-qu... [2] https://design-system.service.gov.uk/components/exit-this-pa... [3] https://beeps.website/blog/2024-10-09-why-govuk-exit-this-pa...
Some New Zealand Government / Business sites have a Javascript-based pop-up available called Shielded Site https://shielded.co.nz/
> If you are experiencing family violence, don't worry, the information within this pop-up won't appear in your browser's history.
Pages like Banks or Council websites have it in their footer, so people can lookup information without it appearing in their history
In New Zealand we have a Shielded Site popup at the bottom of all government websites, and many popular privately owned websites too.
E.g. go to govt.nz and scroll to the bottom. There's a little icon of a computer that opens a popup element inside the page.
It gives information for victims of domestic violence and abuse.
https://govt.nz isn't a thing, but https://www.govt.nz is.
The former should forward to the latter.
Agreed. If the content isn't really designed for the wide world, the www hostname seems to be self-defeating, or at least describing the wrong thing.
This is amazingly pedantic, I love it.
NASA.gov for many years lacked a no-www version. IIRC it had something to do with the no-www being important internally at the time.
It’s been a very long time, but as I recall MS recommendations for AD domains and dns collisions changed multiple times. Used to be real problems if you had overlap.
Stuff has it too.
It doesn't wipe from history on Vanadium GrapheneOS (likely same on Android Chrome). It does change its icon to Google and open Google and weather websites.
Brilliant feature, well done Vancouver PD. A very serious boss mode. Lotus 1-2-3 wouldn't look quite right here but weather.ca is plausible.
This feature has a long and storied history: https://en.wikipedia.org/wiki/Boss_key
Amusingly, I just noticed that alt-spacebar-n doesn't hide a window in Ubuntu.
The Trevor Project (LGBTQ support/suicide prevention site) has the same thing, triggered by a hotkey (press ESC three times). https://www.thetrevorproject.org/
A website can wipe itself from history? That seems like a major security issue.
"That seems like a major security issue."
Do you mean something you verified is happening or something you assumed is happening? You can go look at the site OP linked and find out what is happening and if it's a "major security issue". In this case, after user click/intervention, it renames the current history entry to "New Tab". This is not a security issue at all.
Well, it’s right there in the headline that the website wipes itself from history, so I don’t need any realignment of my ability to discern what I’ve read from what I’ve imagined. If all the site is doing is renaming itself New Tab then that sure isn’t newsworthy. Maybe a domestic violence reporting site should just name itself something innocuous in general without the quick escape? But nonetheless, a web site replacing its own history entry with something from another domain sure doesn’t sound secure.
Not to start an argument but in lamence terms, renaming history to "New Tab" is as close to wiping history as a website can manage. Concealing, obfuscating, hiding might have been better words but the non technucal audience would not see an issue with the language. Nuance is important, though and i agree its slightly misleading
What does “lamence” mean?
I just tested it on both iPhone and Android and it does indeed remove itself from history and replaces with a link to a weather domain. That’s incredible that it is allowed and I can trivially think of a way to get someone to get to a fake banking site right now, or for that matter, fill the history with a series of visits to domestic violence sites or even worse!
https://developer.mozilla.org/en-US/docs/Web/API/Location/re...
This is known and commonly used -- since 1996. What's the risk? You can't change records about other domains.
I knew about history.replace but I had no idea you could cross sites. Suppose a site, for example, leaves a trail of Amazon Shopping, and curious, you go to it to recall what you did, but it’s Amaz0n instead.
"so I don’t need any realignment of my ability to discern what I’ve read from what I’ve imagined"
Not what I asked but I'm glad you're doing okay! I share your concerns.
Raises the question of whether browsers should have a [Replace Page, Erase Domain from History] button and hotkey.
This is a good idea that deserves to be across all Police, Help, Domestic Violence, 911, Suicide Hotline, etc sites across all countries.
Firefox already has "forget this site", which removes all traces of you ever visiting the site, but it's only available from the history modal.
Been there for probably decades, yet another thing mostly known to/used by "advanced" users.
What's weird is with Firefox for Android it's so difficult erasing a site from being remembered. Once visited, in my experience, even after deleting the history entry and last closed tabs item it still auto completes the domain in the addressbar (when it didn't before) and the only workaround is a full history wipe (since the Android version offers no granular timeframe like the desktop version).
So if accidentally clicking some link from some other app that auto opens the default browser it's a PITA to get FF for Android to forget about it.
Android is a wasteland, not surprised
Reminds me of the boss key in a lot of 80's games.
reminds me of boss mode in leisure suit larry 1
See also: https://en.wikipedia.org/wiki/Boss_key
That is an old reference. I bow to the senior geek.
lemmings.exe also had an immediate quit without warning on the esc key, iirc.
I think SimCity Classic had a similar feature.
Respect!
sdf commode too :)
this is awesome. i had a similar idea for a women's shelter but this approach is 1000% better and less complicated than mine. bravo!
Maybe just use an incognito window?
It only replaces the current page, and VPD is not a single-page app. So if you've been clicking around to find something, the previous pages will still be in your history.
If you need to hide your browsing history from an abusive partner, it would be more secure to use incognito mode and hit Alt+F4 when you need to escape. Unfortunately, Chrome renders incognito windows in dark mode by default. If you're normally on light mode, the transition is extremely conspicuous. Edge and Firefox do the same. It's as if all browser vendors have colluded to make it difficult to browse in secret.
Apparently Firefox has a config option to disable this:
browser.theme.dark-private-windows. Set to false, and you're set.
But when the Vancouver PD are beating you up, you wont have time to load the page to locate the quick escape button.
That's funny, right before this I was just reading about how some idiot I knew from back in the day beat the shit out of some stranger on the SkyTrain for his headphones. Maybe it's time to realize how fucked Vancouver is and that the cops aren't the problem
In 2025 Vancouver had the lowest violent crime rate in 23 years. Not that there’s no crime of course but I don’t see that it really constitutes Vancouver being “fucked”.
Not all crimes are reported in Vancouver. But agree is not as bad as some paints.
Not a bad idea, except that *WEB PAGES SHOULD HAVE NEITHER ANY ACCESS TO NOR ANY CONTROL OVER THE HISTORY, PERIOD, AND SOMEBODY NEEDS TO BEAT THE MORONS RESPONSIBLE FOR THIS "WEB PLATFORM" BULLSHIT SENSELESS*.
It's good that a police department has chosen to do this with the misfeature, but the fact that there are non-abusive applications is not an excuse.
The site (vpd.ca) remains in history, just with the name replaced with "New Tab", which the script does just before redirecting. I would be very upset if browsers allowed sites to mess with history.
its too bad they do very little fighting actual crime same with montreal pd probably two least effective and disliked departments in all of canada
Any large city's PD is going to be controversial. From the experience of people close to me who work with police, the VPD are better run and have more programs like Car 33 than the RCMP in neighbouring jurisdictions.
Many of the perceived issues come from (I'll say it) corrupt judges who let out career petty criminals on a bail-less "promise to appear." Some officers report arresting the same person twice in one shift.
At least it's not TPS, where the chief likes to protect officers who commit perjury in the name of framing an innocent man for a Sergeant's suicide.
VPD has become notably more controversial after Jim Chu stepped down, before that it was notable how professional they were for a North American police department
A lot of the first hand experiences I've heard were from around Chu's tenure, so I can't refute that.