So you don't also see "GET /e47b07057738525b2f77fab1ef3197cac1b27e7672ea1a49bc5ae4f87eb19e8c/73a3257c89dbef144434269df702364eb0422554c508b6433266b4e65d07b344#p3d3pLH7ND2cr6EJztGmQosfPZdItxE_FQ5zCsGZ5bM=/ HTTP/1.1" 200 OK?
(That would be a test message I created a link for)
No, anything including and after the # is not seen by the server. Here is a screenshot from Fly that shows what it looks like from my end: https://imgur.com/a/41XxtHJ
If someone were to go to just the /sha256/sha256 link without the encryption key bookmark appended to it, they would see: Decryption failed: ChaCha20Poly1305 key must be 32 bytes.
Or with a wrong key they would see: Decryption failed:
(That would be a test message I created a link for)