Why do HTTPS redirects drop my UTM parameters?

Cherry Seed

Because most HTTP-to-HTTPS redirects are written to fix the protocol, not to carry the data. A typical server or plugin rule rewrites the scheme and sends a 301 to the clean HTTPS URL without appending the original query string, so utm_source and utm_campaign are discarded in transit. The visitor still arrives; the campaign tags don't. This single misconfiguration can account for a meaningful slice of the 30-50% of attribution data WordPress stores routinely lose. The redirect only preserves UTMs when the rule explicitly forwards the query string, for example appending the captured arguments to the target.

Full Answer

An HTTPS redirect is just a 301 or 302 pointing the browser at a new URL. The problem is how that target URL is built. Many rules, whether in nginx, Apache, a CDN, or a WordPress redirect plugin, are written only to swap http for https on the path. If the rule doesn't also append the incoming query string, every utm_ parameter is dropped at the redirect, before any analytics code runs.

This is easy to miss because the page loads perfectly. The visitor sees the right content; only the attribution is gone. In GA4 the session then has no campaign source, so it falls through to Direct or Organic, and your paid traffic looks like it cost nothing and produced nothing.

The fix has two parts. First, write the redirect to preserve parameters, so the query string rides along to the secure URL. Test it by clicking a fully tagged link and confirming the UTMs survive every hop in the chain, not just the first. Second, don't rely on the URL surviving at all. Capture the landing UTMs server-side at first touch and attach them to the order. Once attribution lives in your own data rather than a fragile address bar, a misbehaving redirect becomes an annoyance instead of a silent revenue-reporting hole.

Cherry Seed

Quick Answer

Full Answer

Sources