Full Answer

Browser parameter stripping works through three mechanisms, and coded UTMs bypass all three. Safari's Link Tracking Protection maintains a list of known tracking parameters — gclid, fbclid, dclid, msclkid, igshid — and removes them from URLs during page load. The list is specific and documented. A parameter named ehgys does not appear on it.

Firefox Enhanced Tracking Protection in Strict mode uses query_stripping with regex patterns that match known prefixes. The uBlock Origin extension, used by millions of Firefox users, maintains its own filter lists. AdGuard's URL Tracking filter targets documented parameter names. Every filter system relies on recognising the parameter name before deciding to strip it.

Ad blocker extensions like Chrome's Remove FBclid and UTM maintain lists of 50+ known tracking parameters. These lists are updated when platforms introduce new identifiers, but they can only add names that are publicly documented. A randomised string generated per-store or per-campaign is invisible to every filter list in existence.

The encoding happens before the URL is generated. A campaign link that would normally use utm_source=facebook&utm_medium=cpc is encoded to ehgys=1276879, where the numerical value maps to the full campaign data in your server-side lookup table. When the visitor lands on your WordPress site, the inPIPE plugin decodes the parameter, pushes the full attribution data to the dataLayer, and the original campaign information becomes available to GA4 and every other tracking tool — after safely passing through every filter.

The limitation is that coded UTMs protect campaign-level attribution, not individual click identifiers. gclid and fbclid tie a click to a specific user profile in the ad platform. Coded UTMs preserve which campaign brought the visitor, not which individual click.