payment_result.php shows the status of the customer's transaction, including their name and email address.
It remains in browser history and if it's revisited we get another email notifying us of the purchase, even days later after the order's been fulfilled and shipped.
Not to mention, if it goes across proxies and through the ISP's logging servers it can leak our customers' PII to other clients.
How should this be handled?