alert(window.location.hash);

You can primitively XOR the "secret" password and string. Very unreliable, like the whole idea of ​​storing the encryption key in the client script. However, here is an example. When the hash is changed, it is replaced with an encrypted string. beginning with an exclamation mark is a distinguishing feature. If you also insert a hash with exclamation. sign - it is decrypted and replaced with the original string:

((w) => {

  function superpooper(secret) {
    const pass = encodeURIComponent(secret);
    return function onHashChange(){
      var hash = w.location.hash.replace(/^#/,"");
      if (!hash.length) return;
      
      const xor = s => s.split('').map((c,i)=>String.fromCharCode(c.charCodeAt(0)^pass.charCodeAt(i%pass.length))).join('');
  
      if (hash[0]==='!') {
        hash = hash.substring(1);
        const decoded = decodeURIComponent(xor(atob(hash)));
        history.replaceState(null, null, document.location.pathname + '#' + decoded);
      } else {
        const encoded = btoa(xor(encodeURIComponent(hash)));
        history.replaceState(null, null, document.location.pathname + '#!' + encoded);
      }
    }
  }

  w.addEventListener("hashchange", superpooper("abrakadabra"), false);
  
})(window)

If you run through the console and add, for example, a hash in the current tab,
And vice versa, if you add this long hash to the page, it will be replaced with "My secret is that's it."
Encryption key here abrakadabra
The increase in length is obtained due to the fact that I run it through encodeURIComponent()so that it works normally with Cyrillic, emoticons and emoji.