Timestamps, IP, and user agent are probably enough to reconstruct the user visit. Chrome is now sending a browser generated fingerprint x-client-data to all Google's domains while of course they will be trying to end use of referer header for everyone else. They are shameless and think people are dumb.

Mobile carriers are injecting their own fingerprint headers into outgoing http requests as well if not using https.