About the Referer header, from what I read the header is not sent only if "an unsecured HTTP request is used and the referring page was received with a secure protocol (HTTPS)" [1] That should be rare since the search engines now redirect to HTTPS right away and people would be entering their search terms in a form submitted over HTTPS.
A spot check of a few browsers shows the Refer header in use for these at least when using HTTPS:
Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) QupZilla/1.8.9 Safari/538.1 Mozilla/5.0 (X11; CrOS x86_64 9765.85.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.123 Safari/537.36 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36 Lynx/2.8.9dev.11 libwww-FM/2.14 SSL-MM/1.4.1 GNUTLS/3.5.6The Referrer Policy is in the draft stage [2] and might or might not affect source web sites in the future, but if it does it looks like it is a very long way from becoming widely deployed, years if ever. So it is unlikely to be a factor in Q1 2018 or Q2 2018
[2] https://w3c.github.io/webappsec-referrer-policy/# referrer-policy-origin
The referrer policy is already in use at Google, which is why we don't see users' search queries in referer field in our request logs; just that they came from Google.
- Mikhail