I will propose that sid (session ids) are removed from the URLs (configurable or entirely).

• The sid in the URLs only provide some benefit to people that won't accept cookies.
• A sid is only sensible for the current user in the "current" moment, so making favorites and using them in links (in posts).
• Considering this post viewtopic.php?t=2659822 it can also create DDoS-like traffic from "stupid" non-identifiable bots.

See also phpBB • Remove sid's dfrom URLs