Please consider enabling chrome://flags/#reduced-referrer-granularity and chrome://flags/#prefetch-privacy-changes by default. The former is purely privacy-related, I don't know if you are already doing something similar. The latter prevents data leakage as described here:

https://terjanq.github.io/Bug-Bounty/Google/cache-attack-06jd2d2mz2r0/index.html

Here is the "Intent to implement" in Chromium:

https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/bSMOY-evrV4