But the redirection is done over plain HTTP and not HTTPS. If you don't have a wildcard certificate, you could use /r?url=... instead of a subdomain.
Ideally, the best setup would be to use the "noreferrer" attribute on anchor tags. It's a relatively new standard but perhaps you could detect if it's supported and then use that rather than a redirector?
As I mentioned in a previous comment, if you are using the TOR hidden service (3g2upl4pq6kufc4m.onion/) the redirect goes over a TOR exit node without https. Ideally it should use the hidden service so no exit node is involved, or at the least use HTTPS.
It has no privacy impact since we do not store or collect personal information.