Currently when I submit a password to HIBP it sends two requests. One to https://api.pwnedpasswords.com/range/<hash> and another to https://dc.services.visualstudio.com/v2/track with a copy of the hash:
[
{
"data": {
"baseData": {
"data": "GET https://api.pwnedpasswords.com/range/<hash>",
"duration": "00:00:00.100",
"id": "|<id>.<id>",
"name": "GET /range/<hash>",
"resultCode": "200",
"success": true,
"target": "api.pwnedpasswords.com",
"type": "Ajax",
"ver": 2
},
"baseType": "RemoteDependencyData"
},
"iKey": "<id>",
"name": "Microsoft.ApplicationInsights.<id>.RemoteDependency",
"tags": {
"ai.device.id": "browser",
"ai.device.type": "Browser",
"ai.internal.sdkVersion": "javascript:1.0.21",
"ai.operation.id": "HdzCf",
"ai.operation.name": "/Passwords",
"ai.session.id": "<id>",
"ai.user.id": "<id>"
},
"time": "2021-06-10T04:27:35.000Z"
}
]

Is it really necessary to send hashes to this many parties?