I do know, but I'm not gonna tell you.
(It's internal cgi bullshit and I'm kind of embarrassed that you can see it. In php you can make parameters invisible* but I don't know if you can in cgi, on account of I never learned cgi cuz I feel like it probably sucks.)
* "invisible" is a terrible name, because the parameters and values can be found easily in the clear with a packet sniffer or some tool like that. So the invisible should be only used to make the url look neat and pretty to the user (unlike your current situation) but developers get confused by the "invisible" and try to use it to pass sensitive information, which, just don't.