Cloudflare Automatic Platform Optimizations (APO) strips UTM tag from URL


@mejorainfotech got a change to see the links I left?


My cloudflare ticket ID regarding this issue is #2718110.

When clicking a Google Ad linking to my site, the URL search parameters (?gclid=####) are being removed by an immediate re-direct, caused by the Cloudflare Wordpress plugin. Specifically, disabling the “Automatic Platform Optimization” fixes this issue, but as this is a paid feature I’d prefer to be able to continue using it.

This issue seemed to have been fixed a couple weeks ago, by an apparent update on Cloudflare’s side (though they never made any announcement or news post), however the issue seems to have started again sometime since then. Once again, disabling APO is the only solution currently.

I had a previous Cloudflare Community thread regarding this, and allowed it to be closed when my issue seemed to have been fixed:

One detail I found seems to be, at least currently, that the URL params are only trimmed when they are not preceded by a ‘/’.
For example, the following URL would have it’s search params removed:
However this URL would not have it’s search params removed:

I can provide my website’s URL and re-enable APO if testing is needed, however at the moment I have it disabled so that it does not interfere with our Google Ads tracking.

I have also opened a ticket with Cloudflare’s email support 17 days ago, and never received any actual support, only a response (after 13 days) saying they can’t help since the issue (at that time) seemed to be fixed.

The ticket ID is #2718110, if it can be escalated that would be appreciated.

1 Like

There are similar cases reported by other users and Cloudflare staff is already looking into it. You should hear about any evolution either here or via email.

Meanwhile, if you want to re-enable APO, you could try (I can’t promise this will work, as APO is a magic of its own) to create a Transform Rule:

(http.request.uri.query contains "gclid" and not ends_with(http.request.uri.path, "/"))

Path > Rewrite to > Dynamic = concat("https://",,"/",http.request.uri.path)
Query String = Preserve

1 Like

Hey there!

Sorry for the repeat of this issue. Thank you for bring it to our attention.

I have replied on your ticket, and will update as there is progress.


I have APO enabled for quite some time, and already realized an issue with APO removing utms when there is a redirection of the url

I tried help at the time Wordpress website with APO when redirect www loses utms with no succes… the issue is identified, but since I don’t have a lot of redirections daily, it’s not too bad.

Problem is on the 26 of February something changed on APO, and now almost everything with utms just ends up losing it…

I have a big chunk of traffic from facebook, so what I did notice was that on that day my traffic with utms just fell, and the facebook traffic converted o traffic from / referral

On the 27th I thought it was an issue with Facebook Link Checker, but no one I knew had same issue so on the 28th I tried disabling APO and pufff… issue gone, on GA real time the traffic just started instantly falling and traffic with utms rise…

So now I can’t activate APO, was there a change made on the 27th to APO technology that could explain this? Nothing on my websites changed… and other ones that I have with CF but without APO active just didn’t have this issue…

I have seen a similar post here but the reason there is about redirection

Although I believe that working correctly , the redirection should lose the utms?

@yevgen any input maybe? Or what could I do to debug this further?

bump… because I am almost sure that this is entirely on APO side, not on my configuration…

Merged all three similar topics here, what @michael said here is the current answer…

The question is that the redirect shouldn’t occur.

I can’t reproduce it on my set-up, though. Where is the redirect set-up, @wu1, @casey9, @mejorainfotech?

1 Like

Hey everyone and thanks @matteo for merging the topics,

I’ll try to look that issue. Cannot promise anything but I’ll give it a serious try. Those issues have been opened for too long already and we can see how it can be a common issue for many users.

I’ll keep you updated.


Hello again,

I’ve set up a dummy Wordpress website behind Cloudflare with APO enabled and wasn’t able to reproduce.

I don’t think there is no issue, but that my configuration is probably not quite the same as yours yet @wu1 @casey9 @mejorainfotech, so I would need more informations regarding your own setup.

While I’m waiting for your own configuration, I’ll ask internally if anyone else may have any guess.

My setup

Cloudflare DNS setup

Cloudflare APO plugin configuration and version

Wordpress and Site Address URLs

Now, when I try to access, with the same UTM parameters as @mejorainfotech, there is no redirect yet, and no problem:

Finally, when I try to access, which is redirected by Wordpress (as far as I understand) to, with the exact same UTM parameters, I get redirected via a 301 from to, and the parameters are correctly there:

1 Like


I’ve re-enabled APO & cleared all caches so that the issue is repeatable on my site. Following the link below results in the URL params being removed:
However if you add a / before the “?gclid” the redirect does not happen, and the URL is unmodified:

My config

I have APO enabled, “Cache by Device Type” is NOT checked:

Wordpress General Settings:

Cloudflare DNS:

Cloudflare Nameservers:

[edit] removed my website’s URL & re-disabled APO for the time being since the issue is repeatable on other sites now.

1 Like

Oh, I can finally reproduce!

It doesn’t redirect with any query string, just some of them and only on actual paths, not the main index page.

Why, I can’t. I can share more details, if you want @aseure_cf… you need to follow @cloonan’s instruction though, as we need to go private :slight_smile:


This is such a specific case, which requires multiple separate specific cases…
Let’s see if I can share a case @aseure_cf can reproduce himself without sharing any of my private domains.

You need a path, no end /, analytics query parameters and no custom query params.

For brevity I will use just one of the utm_* params, one is enough to reproduce the issue.

These will work just fine:

These will, too (even though they will be re-ordered):

These will not:

The reason it was working in my DevTools is because of the Disable Cache checkbox being checked. This was injecting a Cache-Control: No-Cache header which hid the issue. Without the header, I’m able to reproduce.

Keeping you updated.


Thanks for taking this head on!
I’ll try to replicate the issue on a smaller website see if it occurs too and will give you an update also…

Hi again…Activated APO “add on” for a smaller website…
Please check video olt_apo_utms_bug.mp4 - Google Drive

What I noticed, is that it only loses utms when I use “?utm_source”, if I use something like “?index” it doesn’t lose the utm… behaving as I “expected”

So, when accessing it redirects to and keeps query parameters.

If acessing it will go to losing query parameters.

I realised this behaviour above, yes.

1 Like

I’ve since set an APO test site and can confirm the suggested Transform Rule (Rewrite URL) works with APO and can be used to prevent the redirection in the case pointed by @casey9 and @matteo: with a path other than home page, no trailing slash, and either utm_ or gclid QS parameters.


( eq "" and not ends_with(http.request.uri.path, "/") and http.request.uri.query contains "utm_") or ( eq "" and not ends_with(http.request.uri.path, "/") and http.request.uri.query contains "gclid")


Path > Rewrite to > Dynamic > concat(http.request.uri.path, "/")
Query > Preserve

Alternatively, for @mejorainfotech and those whose redirects are caused for legacy reasons, like some old paths that are redirected to new paths, you can use Redirect Rules with Preserve Query String checked, instead of letting WordPress handle the redirects at the origin.

If that’s for some reason not desirable (you ran out of the redirect quota allowed for your plan level, or you want your origin server to log those requests, for instance), you can set a different Transform Rule (Modify Response Headers) to add back the query string to the Location header.


( eq "" and http.request.uri.path in {"/hello-world" "/old-path1" "/old-path2"} and http.request.uri.query contains "utm_") or ( eq "" and http.request.uri.path in {"/hello-world" "/old-path1" "/old-path2"} and http.request.uri.query contains "gclid")

Modify Response Header
Set > Dynamic >

1 Like

If I am understanding correctly, this is a “band aid” on top of a APO malfunction no?

Should APO behave as exposed here, discarding query parameters when there is a redirect of some sort?

By the way, the beginning of this thread I mentioned that even when there is no redirect the query parameters are being lost with APO active since the 26 of February … because I saw on my google analytics dashboard my traffic with utms falling hard that day…
Also, it appears to only happen when it has “utm” in the query parameter, why?

❯ curl -sI ""
HTTP/2 301 
date: Mon, 20 Mar 2023 17:12:51 GMT
content-type: text/html; charset=UTF-8
cf-ray: 7aaf9518988f9501-LIS
cache-control: max-age=3600
expires: Mon, 20 Mar 2023 18:12:52 GMT
vary: Accept-Encoding
cf-cache-status: MISS
cf-apo-via: origin,resnok
cf-edge-cache: cache,platform=wordpress
x-redirect-by: WordPress
report-to: {"endpoints":[{"url":"https:\/\/\/report\/v3?s=8FLvhgiqPtTaW7AXlDy9Jp6y3FBu3dKc32bP%2F7%2Fpa2pWfcb9iwqxAK9Zhm%2B3EmURrqK6N6qqapZfTW0MYJj%2FjZIXg%2BfB8xmiYiddTfWIU7LU0t9Jk9r3aZ1kxpqvarceHuAo%2BjTKMyfB%2FBSL0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

❯ curl -sI ""
HTTP/2 301 
date: Mon, 20 Mar 2023 17:13:03 GMT
content-type: text/html; charset=UTF-8
cf-ray: 7aaf9563685e4894-LIS
cache-control: max-age=3600
expires: Mon, 20 Mar 2023 18:13:03 GMT
cf-cache-status: BYPASS
cf-apo-via: origin,qs
cf-edge-cache: cache,platform=wordpress
x-redirect-by: WordPress
report-to: {"endpoints":[{"url":"https:\/\/\/report\/v3?s=jkN9TgQ%2FiG9HU2zjtR27X3lxI6Y%2FI%2F0wDEx8%2F6BbD5cMMYQhal6pvJYmSNa6%2BXa0CqttpmJggk9sDM78FRh63YTd1VZL2Tcmdtfk59k77iiYF44ANi49RBE%2BQX9JIzBsNv0gfVGfZtnCI0WgvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

I set up the Transform Rule recommended by @cbrandt, however it looks like the redirect & removal of URL params is still happening when APO is enabled.

Transform Rule

However, changing the rules to trigger when the hostname equals my normal domain (e.g., “”) instead of “” seems to work.