Your Redirects Are Killing Your UTM Parameters (And Your Ad Attribution)

You’re running ads. You’ve carefully tagged every URL with UTM parameters. You check Google Analytics and half your conversions show up as “direct” or “organic” instead of the paid campaign that drove them. Your $10,000 ad spend looks like it produced nothing, while “direct traffic” mysteriously doubled.

The culprit is almost always redirects. Somewhere between the user clicking your ad and landing on your site, a redirect is silently stripping your UTM parameters. Here’s exactly how it happens and how to fix it.

UTM Parameters: A Quick Refresher

UTM parameters are tags you add to URLs so analytics platforms know where traffic came from. You can build properly formatted UTM URLs with our free tool. A tagged URL looks like this:

https://yoursite.com/landing-page?utm_source=meta&utm_medium=cpc&utm_campaign=spring-sale&utm_content=video-ad

When a user clicks this link, Google Analytics (or any analytics tool) reads those parameters and attributes the visit to your Meta CPC spring sale campaign. Without them, the visit shows up as direct traffic, which tells you nothing.

UTM parameters are the bridge between your ad spend and your analytics data. When they disappear, that bridge collapses.

How Redirects Strip UTM Parameters

A redirect tells the browser: “The page you requested isn’t here. Go to this other URL instead.” The problem is that not all redirects preserve the query string (the part of the URL after the ? that contains your UTM parameters).

The Four URL Variations

Most websites respond to four different URL patterns:

1. http://yoursite.com/page
2. https://yoursite.com/page
3. http://www.yoursite.com/page
4. https://www.yoursite.com/page

Only one of these is the “canonical” version. The other three redirect to it. That’s three potential redirect hops, and each one is an opportunity to drop your UTM parameters.

A Real Example

You run a Meta ad pointing to:

http://yoursite.com/landing-page?utm_source=meta&utm_medium=cpc&utm_campaign=spring-sale

Here’s what happens:

Step 1: Browser requests http://yoursite.com/landing-page?utm_source=meta&...
Step 2: Server responds 301 → https://yoursite.com/landing-page  (UTMs gone)
Step 3: Browser requests https://yoursite.com/landing-page
Step 4: Server responds 301 → https://www.yoursite.com/landing-page  (Still no UTMs)
Step 5: User lands on https://www.yoursite.com/landing-page
Step 6: GA4 records: source = direct

Two redirects, both silently dropping the query string. The user arrived at the right page, so everything looks fine on the surface. But your analytics are completely wrong.

Redirect Types and How They Handle Query Strings

Not all redirects behave the same way. Understanding the differences matters when you’re diagnosing the problem.

301 (Permanent Redirect)

The most common redirect type. Whether it preserves query strings depends entirely on how it’s configured:

Preserves UTMs (correct configuration):

Redirect from: http://yoursite.com/*
Redirect to: https://yoursite.com/$1  (preserves path AND query string)

Strips UTMs (broken configuration):

Redirect from: http://yoursite.com/landing-page
Redirect to: https://yoursite.com/landing-page  (hardcoded, no query string passthrough)

The difference is subtle but critical. A redirect that matches a specific URL and sends the user to a hardcoded destination will drop everything after the ?. A redirect that uses pattern matching and passes through the full request will preserve UTMs.

302 (Temporary Redirect)

Same behavior as 301 regarding query strings. The temporary vs. permanent distinction affects how browsers and search engines cache the redirect, but UTM handling is identical. If the redirect rule doesn’t explicitly pass through query parameters, they vanish.

307 and 308 Redirects

These newer redirect types are required by the HTTP spec to preserve the request method (GET, POST, etc.), but they don’t inherently guarantee query string preservation. The server configuration still determines whether UTMs survive.

Meta Refresh and JavaScript Redirects

Some sites use HTML meta refresh tags or JavaScript window.location redirects:

<!-- Meta refresh: almost always strips query strings -->
<meta http-equiv="refresh" content="0;url=https://yoursite.com/landing-page">

// JavaScript redirect: strips UTMs unless explicitly handled
window.location = 'https://yoursite.com/landing-page';

// This version preserves them:
window.location = 'https://yoursite.com/landing-page' + window.location.search;

Meta refresh redirects are particularly dangerous because they almost never pass through query parameters.

The Six Most Common UTM-Killing Redirect Chains

1. HTTP to HTTPS

The most common offender. Nearly every site redirects HTTP to HTTPS, but many server configurations don’t preserve query strings in this redirect.

How to test:

Enter in browser: http://yoursite.com/any-page?test=hello
Check: Does https://yoursite.com/any-page?test=hello appear in the address bar?

Common platforms where this breaks:

• WordPress with misconfigured .htaccess or security plugins
• Shopify custom domains with DNS-level redirects
• Sites behind CDNs (Cloudflare, Fastly) with redirect rules that don’t pass through query strings

2. WWW to Non-WWW (or Vice Versa)

Your site uses www.yoursite.com as the canonical URL, but someone links to yoursite.com. The redirect drops UTMs.

How to test:

Enter: https://yoursite.com/page?test=hello
Check: Does https://www.yoursite.com/page?test=hello load with the parameter intact?

3. Trailing Slash Redirects

Some servers treat /landing-page and /landing-page/ as different URLs and redirect one to the other:

https://yoursite.com/landing-page?utm_source=meta
  → 301 to https://yoursite.com/landing-page/?utm_source=meta  (usually preserves)
  → or 301 to https://yoursite.com/landing-page/  (drops UTMs)

This is inconsistent across servers and often depends on the web server software (Apache, Nginx, Caddy) and its configuration.

4. Vanity URLs and Short Links

You create a branded short URL for a print ad or podcast mention:

yoursite.com/spring → redirects to yoursite.com/campaigns/spring-2026-sale

If this redirect is configured without query string passthrough, any UTMs appended to the vanity URL are lost:

yoursite.com/spring?utm_source=podcast&utm_medium=audio
  → 301 to yoursite.com/campaigns/spring-2026-sale  (UTMs gone)

5. Link Shorteners

bit.ly, t.ly, and other shorteners generally preserve query strings. But when you shorten a URL that already has UTMs baked in, the shortened URL works fine. The problem arises when you add UTMs to the shortened URL itself:

https://bit.ly/abc123?utm_source=email  (UTMs may or may not pass through)

Some shorteners strip additional parameters appended to the short URL. Always test the specific shortener you’re using.

6. Landing Page Platform Redirects

If your ad points to a landing page tool (Unbounce, Instapage, Leadpages) that then redirects to your main site after form submission, that redirect often drops UTMs. The conversion happens on the landing page, but if you’re tracking the final destination in GA4, the attribution data is gone.

The Impact: What Broken Attribution Actually Costs You

When UTMs get stripped, the consequences cascade through your entire marketing operation.

Your “Direct” Traffic Is Inflated

Every visit where UTMs were stripped shows up as “direct” in Google Analytics. This is the default bucket for any traffic GA4 can’t attribute to a source. If your direct traffic percentage seems unusually high (above 30-40% for most sites), stripped UTMs are likely a contributor.

Campaign Performance Looks Worse Than Reality

Your Meta campaign drove 200 conversions, but GA4 only attributes 130 to it because 70 visitors lost their UTMs to redirects. Your campaign report says the CPA is $77. The real CPA is $50. You might pause or reduce budget on a campaign that’s actually performing well.

You Can’t Optimize What You Can’t Measure

If 35% of your ad-driven conversions show up as “direct,” you lose the ability to:

• Compare campaign performance accurately
• Identify which ad creative drives the most revenue
• Allocate budget to the best-performing channels
• Calculate true customer acquisition cost by channel

Budget Allocation Goes Wrong

When organic and direct traffic appear inflated (because they’re absorbing misattributed paid conversions), you might conclude that paid advertising isn’t pulling its weight. Budget gets shifted away from paid channels that are actually working, toward channels that look good partly because of stolen attribution.

How to Test Your Redirects

Before fixing anything, you need to know where the problem is. Here’s a systematic approach.

Manual Testing

Test all four URL variations for your most important landing pages:

1. http://yoursite.com/landing-page?test_utm=check
2. https://yoursite.com/landing-page?test_utm=check
3. http://www.yoursite.com/landing-page?test_utm=check
4. https://www.yoursite.com/landing-page?test_utm=check

For each one, check:

• Does the final URL in the address bar still contain ?test_utm=check?
• How many redirects occurred? (Check browser dev tools, Network tab)
• Were there any intermediate hops that dropped the parameter?

Using Browser Developer Tools

1. Open Chrome DevTools (F12)
2. Go to the Network tab
3. Check “Preserve log” so redirects are visible
4. Enter the URL with a test parameter
5. Look at the redirect chain: each 301/302 response will show the Location header
6. Verify that each Location header includes the query string

Using curl

For a quick command-line check:

curl -I -L "http://yoursite.com/landing-page?test=hello" 2>&1 | grep -i "location:"

This shows every redirect hop and whether the query string survived each one.

Automated Testing

If you have many landing pages, manual testing isn’t practical. Use a script or tool that checks all four URL variations for every landing page you’re actively running ads to.

How to Fix UTM-Stripping Redirects

The fix depends on your web server and hosting platform.

Apache (.htaccess)

The most common Apache redirect rules that break UTMs:

# BROKEN: Drops query string
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]

# FIXED: QSA flag preserves query string
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L,QSA]

The QSA (Query String Append) flag is the key. Without it, Apache discards the query string during the rewrite.

For HTTP to HTTPS:

# FIXED: Preserves query string
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

%{REQUEST_URI} includes the query string, so UTMs are preserved.

Nginx

# BROKEN: Hardcoded redirect drops query string
return 301 https://www.yoursite.com$uri;

# FIXED: $request_uri includes query string
return 301 https://www.yoursite.com$request_uri;

The difference between $uri and $request_uri in Nginx is critical. $uri is the path only. $request_uri is the path plus the query string.

Caddy

Caddy generally preserves query strings in redirects by default, but explicit redirect rules should be verified:

# This preserves query strings by default
yoursite.com {
    redir https://www.yoursite.com{uri} permanent
}

The {uri} placeholder in Caddy includes the query string.

Cloudflare Page Rules

If you use Cloudflare for redirects:

1. Go to Page Rules
2. Check any “Forwarding URL” rules
3. Ensure the destination URL ends with /$1 or includes the full match
4. If using Bulk Redirects, check the “Preserve query string” option

WordPress

WordPress plugins like Redirection, Yoast, or security plugins often manage redirects. Check:

1. Redirection plugin settings: Enable “Pass-through” for query strings
2. Yoast SEO: Check redirect manager settings
3. Security plugins (Wordfence, Sucuri): Check their redirect/firewall rules
4. .htaccess file: Review any manually added rules

Shopify

Shopify’s built-in URL redirects (Settings, Navigation, URL Redirects) do preserve query strings. But third-party apps and custom Liquid redirects might not. Test every redirect in your Shopify admin.

Prevention: Stop UTMs From Breaking in the First Place

Rule 1: Always Use the Final/Canonical URL in Your Ads

Before setting up any ad campaign, determine the canonical URL for your landing page. This is the URL that loads without any redirects. Use that exact URL in your ad creative.

Find your canonical URL:

Enter your landing page URL in the browser.
Look at the final URL in the address bar after all redirects complete.
That's your canonical URL. Use it in your ads.

Rule 2: Test Before Every Campaign Launch

Make this part of your campaign launch checklist: paste the exact URL (with UTM parameters) from your ad into a browser and verify the UTMs survive through to the final page load. This takes 10 seconds and prevents weeks of broken attribution.

Rule 3: Use HTTPS and Include WWW (or Don’t) Consistently

Pick one canonical form and use it everywhere:

• Always https://
• Always www. or always without www.
• Always with trailing slash or always without

Consistency eliminates redirect chains.

Rule 4: Audit Vanity URLs and Short Links

Every vanity URL and short link in use should be tested with a dummy query parameter. If the parameter doesn’t survive, fix the redirect configuration before using that URL in any campaign.

Rule 5: Check After Infrastructure Changes

Any time your hosting, CDN, SSL certificate, or domain configuration changes, re-test your redirects. A Cloudflare migration, a new SSL provider, or a server update can silently change redirect behavior.

GA4 Configuration That Helps

Even with perfect redirects, you should configure GA4 to be as resilient as possible.

Enable Google Signals

Google Signals helps GA4 stitch together sessions across devices using Google account data. This won’t fix stripped UTMs, but it helps with overall attribution accuracy. If your GA4 data looks off more broadly, see our guide on why GA4 data goes missing and how to fix it.

Set Up Cross-Domain Tracking

If users move between domains (e.g., from yoursite.com to checkout.yourpaymentprovider.com), configure cross-domain tracking so GA4 doesn’t lose session context:

1. GA4, Admin, Data Streams, Configure tag settings
2. Configure your domains under “Configure cross-domain measurement”
3. Add all domains involved in the user journey

Use Last Non-Direct Click Attribution

GA4 defaults to data-driven attribution, which generally handles direct traffic well. But if you’re analyzing channel performance manually, filter out “direct” as a source and look at last non-direct click to get a cleaner picture of which campaigns are driving conversions.

The BlueFrog Scan Checks This Automatically

Manually testing every URL variation across every landing page is tedious. Our free scan automatically checks your site for redirect chains that strip query parameters, along with dozens of other tracking issues.

It tests all four URL variations (HTTP, HTTPS, with and without WWW), follows every redirect hop, and flags any point where query strings are dropped. You get results in 30 seconds.

Run a free scan on your site and see if your redirects are silently killing your ad attribution. If you’re spending money on ads, this is one of the fastest wins you can get: fix a redirect, and conversions that were showing up as “direct” suddenly appear under the right campaign.

Summary

UTM parameters are the foundation of ad attribution. When redirects strip them, your analytics data becomes unreliable, your campaign performance looks worse than it is, and you make bad budget decisions based on bad data.

The fix is straightforward:

1. Test all four URL variations for your key landing pages
2. Fix any redirects that drop query strings (usually a one-line config change)
3. Always use the final canonical URL in your ads
4. Re-test after any infrastructure changes

It’s not glamorous work. But it’s the difference between knowing where your conversions come from and guessing.

Redirect-stripped UTMs are just one piece of the attribution puzzle. If you’re also dealing with iOS privacy changes eroding your ad tracking or Meta and Google reporting different conversion numbers, the same underlying principle applies: verify your data before making budget decisions.