Safe UTM Characters Guide: What You Can and Cannot Use
"I kept a printed list of safe characters at my desk. Every time someone asked 'Can I use X in a campaign name?' I'd check the list. This simple reference saved us from countless tracking errors."
This practice, adopted by Marketing Operations Manager David Chen, became company policy after too many broken campaigns. Here's the definitive guide to safe and unsafe characters in UTM parameters.
The Complete Safe List
Always Safe: The Core Set
These characters will NEVER cause problems in UTM parameters:
Lowercase letters: a b c d e f g h i j k l m n o p q r s t u v w x y z
Numbers: 0 1 2 3 4 5 6 7 8 9
Hyphen: -
Underscore: _
That's it. Stick to these 38 characters and you'll never have a tracking issue.
Examples:
✅ PERFECT:
utm_campaign=summer-sale-2024
utm_source=facebook-ads
utm_medium=paid-social
utm_content=carousel-ad-v2
utm_term=running-shoes-men
✅ ALSO PERFECT:
utm_campaign=q4_black_friday
utm_source=email_newsletter
utm_medium=display_banner
utm_content=hero_image_v1
utm_term=saas_analytics_tool
🚨 Not sure what's breaking your tracking?
Run a free 60-second audit to check all 40+ ways UTM tracking can fail.
Scan Your Campaigns Free✓ No credit card ✓ See results instantly
Conditionally Safe: Uppercase Letters
Uppercase letters (A-Z) are technically safe but create consistency problems:
⚠️ WORKS BUT NOT RECOMMENDED:
utm_campaign=SummerSale2024
utm_source=FacebookAds
Why avoid:
- Case sensitivity fragments data
- "Facebook" ≠ "facebook" ≠ "FACEBOOK" in analytics
- Each variation creates separate data rows
Best practice: Always use lowercase to avoid fragmentation.
Mostly Safe: Period (Dot)
Period (.) is safe in specific contexts:
✅ OK in utm_source for domains:
utm_source=techcrunch.com
utm_source=partnersite.io
❌ AVOID elsewhere:
utm_campaign=version.2.0
utm_content=v.2
Why be careful: Some systems treat periods as subdomain separators or decimals, causing parsing inconsistencies.
The Complete Danger List
Category 1: URL Structure Characters (NEVER USE)
These characters have reserved meanings in URL syntax and will break your tracking:
| Character | Name | Why It Breaks | Use Instead |
|---|---|---|---|
? | Question mark | Starts query string | (remove) |
& | Ampersand | Separates parameters | -and- |
= | Equals | Separates key/value | -equals- |
# | Hash/Fragment | Starts URL fragment | (remove) or - |
/ | Forward slash | Path separator | - |
: | Colon | Scheme separator | - |
Examples:
❌ BREAKS:
utm_campaign=Q&A Webinar
→ Creates invalid parameter: "A Webinar"
utm_campaign=Save 50%? Maybe More!
→ Truncates at "?"
utm_source=partner.com/blog
→ Treats "/blog" as path
✅ FIXED:
utm_campaign=qa-webinar
utm_campaign=save-50-percent-maybe-more
utm_source=partner-com-blog
Category 2: Encoding Characters (NEVER USE)
These characters trigger encoding/decoding issues:
| Character | Name | Why It Breaks | Use Instead |
|---|---|---|---|
% | Percent | Encoding prefix | -percent |
+ | Plus | Often decoded as space | -plus- |
| Space | URL-encodes inconsistently | - |
Examples:
❌ BREAKS:
utm_campaign=Save 50% Off
→ Encodes as "Save%2050%25%20Off" (confusing)
utm_campaign=C++ Course
→ Decodes as "C Course" (spaces)
✅ FIXED:
utm_campaign=save-50-percent-off
utm_campaign=c-plus-plus-course
Category 3: Punctuation (NEVER USE)
These characters may work sometimes but fail unpredictably:
| Character | Name | Why It Breaks | Use Instead |
|---|---|---|---|
! | Exclamation | Terminates value in some parsers | (remove) |
@ | At sign | Email/authority separator | -at- |
$ | Dollar sign | Special in regex/scripts | -dollar- |
* | Asterisk | Wildcard character | -star- |
, | Comma | List separator | - |
; | Semicolon | Parameter separator (legacy) | - |
Examples:
❌ BREAKS:
utm_campaign=Act Now!
→ May terminate at "!"
utm_source=contact@partner.com
→ Confuses email parsers
utm_campaign=$100 Off Sale
→ Breaks in some systems
✅ FIXED:
utm_campaign=act-now
utm_source=contact-at-partner-com
utm_campaign=100-dollar-off-sale
Category 4: Quotes and Brackets (NEVER USE)
These characters create security and parsing issues:
| Character | Name | Why It Breaks | Use Instead |
|---|---|---|---|
" | Double quote | String delimiter, XSS risk | (remove) |
' | Single quote | String delimiter, XSS risk | (remove) |
` | Backtick | Template delimiter | (remove) |
< > | Angle brackets | HTML tags, security risk | (remove) |
( ) | Parentheses | Function syntax | (remove) or - |
[ ] | Square brackets | Array syntax | (remove) |
{ } | Curly braces | Object syntax | (remove) |
Examples:
❌ BREAKS:
utm_content="Premium" Tier
→ Breaks parsing, quotes stripped
utm_campaign=<Summer Sale>
→ Treated as HTML tag, removed
utm_campaign=Webinar (Free)
→ Inconsistent handling
✅ FIXED:
utm_content=premium-tier
utm_campaign=summer-sale
utm_campaign=webinar-free
Category 5: Other Special Characters (NEVER USE)
| Character | Name | Why It Breaks | Use Instead |
|---|---|---|---|
| | Pipe | OR operator | -or- |
\ | Backslash | Escape character | - |
^ | Caret | Exponent/regex | (remove) |
~ | Tilde | Home directory symbol | (remove) |
😰 Is this your only tracking issue?
This is just 1 of 40+ ways UTM tracking breaks. Most marketing teams have 8-12 critical issues they don't know about.
• 94% of sites have UTM errors
• Average: $8,400/month in wasted ad spend
• Fix time: 15 minutes with our report
✓ Connects directly to GA4 (read-only, secure)
✓ Scans 90 days of data in 2 minutes
✓ Prioritizes issues by revenue impact
✓ Shows exact sessions affected
Quick Reference Chart
The Traffic Light System
🟢 GREEN (Always Safe):
a-z (lowercase letters)
0-9 (numbers)
- (hyphen)
_ (underscore)
🟡 YELLOW (Use With Caution):
A-Z (uppercase - but use lowercase for consistency)
. (period - only in utm_source for domains)
🔴 RED (Never Use):
All other characters
Especially: ! @ # $ % ^ & * ( ) + = [ ] { } ; : ' " , . < > / ? \ | ` ~
Real-World Examples
Campaign Names
❌ DON'T:
utm_campaign=Black Friday Sale! Save 50%
utm_campaign=Q&A: Email Marketing 101
utm_campaign="Premium" Product Launch
utm_campaign=Summer/Fall Collection
utm_campaign=Back-to-School (2024)
✅ DO:
utm_campaign=black-friday-sale-save-50-percent
utm_campaign=qa-email-marketing-101
utm_campaign=premium-product-launch
utm_campaign=summer-fall-collection
utm_campaign=back-to-school-2024
Source Names
❌ DON'T:
utm_source=partner.com/blog
utm_source=john@affiliate.com
utm_source=Twitter/X
utm_source=FB+Instagram
✅ DO:
utm_source=partner-com-blog
utm_source=john-affiliate
utm_source=twitter
utm_source=fb-instagram
Medium Names
❌ DON'T:
utm_medium=Paid Social
utm_medium=email/newsletter
utm_medium=display+native
✅ DO:
utm_medium=paid-social
utm_medium=email-newsletter
utm_medium=display-native
Content Variations
❌ DON'T:
utm_content=Hero Banner (Desktop)
utm_content=CTA=Buy Now
utm_content=50% Off!
✅ DO:
utm_content=hero-banner-desktop
utm_content=cta-buy-now
utm_content=50-percent-off
Keyword Terms
❌ DON'T:
utm_term=running shoes + socks
utm_term=best email marketing tool?
utm_term=SEO & content strategy
✅ DO:
utm_term=running-shoes-socks
utm_term=best-email-marketing-tool
utm_term=seo-content-strategy
Character Replacement Guide
Common scenarios and how to handle them:
Percentages
50% → 50-percent
75% off → 75-percent-off
100% guarantee → 100-percent-guarantee
Ampersands
Q&A → qa
Sales & Marketing → sales-and-marketing
Tools & Tips → tools-and-tips
Slashes
Fall/Winter → fall-winter
2024/2025 → 2024-2025
AM/PM → am-pm
Plus Signs
C++ → c-plus-plus
More+ → more-plus
A+ Rated → a-plus-rated
Parentheses
(Free) → free
Version (2.0) → version-2-0
Today Only (!) → today-only
Quotation Marks
"Premium" → premium
'New' Product → new-product
"Best" Deal → best-deal
Dollar Signs
$100 Off → 100-dollar-off
Save $$$ → save-dollars
$5 Deal → 5-dollar-deal
Validation Checklist
Before launching any campaign, verify:
- Only lowercase letters (a-z)
- Only numbers (0-9)
- Only hyphens (-) or underscores (_) for word separation
- No spaces
- No special characters (!@#$%^&*...)
- No uppercase letters
- No quotes or brackets
- Descriptive and meaningful
- Consistent with style guide
- Tested in browser
Implementation Tools
JavaScript Validator
function isValidUTMValue(value) {
// Only allow lowercase letters, numbers, hyphens, underscores
const safePattern = /^[a-z0-9-_]+$/;
return safePattern.test(value);
}
// Usage
console.log(isValidUTMValue('summer-sale-2024')); // true
console.log(isValidUTMValue('Summer-Sale')); // false (uppercase)
console.log(isValidUTMValue('sale-50%-off')); // false (special char %)
console.log(isValidUTMValue('q_and_a_webinar')); // trueCharacter Sanitizer
function sanitizeToSafeChars(value) {
return value
.toLowerCase() // Convert to lowercase
.replace(/\s+/g, '-') // Spaces to hyphens
.replace(/[^a-z0-9-_]/g, '-') // Remove unsafe characters
.replace(/-+/g, '-') // Multiple hyphens to single
.replace(/^-|-$/g, ''); // Trim edge hyphens
}
// Examples
console.log(sanitizeToSafeChars('Summer Sale 2024!'));
// Output: summer-sale-2024
console.log(sanitizeToSafeChars('Q&A: Email Tips'));
// Output: q-a-email-tips✅ Fixed this issue? Great! Now check the other 39...
You just fixed one tracking issue. But are your Google Ads doubling sessions? Is Facebook attribution broken? Are internal links overwriting campaigns?
• Connects to GA4 (read-only, OAuth secured)
• Scans 90 days of traffic in 2 minutes
• Prioritizes by revenue impact
• Free forever for monthly audits
Join 2,847 marketers fixing their tracking daily
FAQ
Q: Can I use emojis in UTM parameters?
A: Absolutely not. Emojis are complex unicode characters that break across platforms and make data analysis impossible. Always remove emojis.
Q: What about accented characters (é, ñ, ü)?
A: While technically possible, they encode inconsistently across platforms. Best practice: transliterate to plain ASCII (é→e, ñ→n, ü→u).
Q: Are numbers always safe at the beginning of parameters?
A: Yes, utm_campaign=2024-summer-sale is perfectly valid. Numbers anywhere in the value are safe.
Q: Can I use ALL-CAPS for emphasis?
A: Technically safe, but creates fragmentation. SALE and sale track separately. Always use lowercase.
Q: What if I need to differentiate versions (v1, v2, v3)?
A: Perfect use case! utm_content=carousel-v1, utm_content=carousel-v2, etc. Numbers with hyphens are ideal.
Q: Are underscores better than hyphens?
A: Both are equally safe. Choose one and use consistently. Hyphens are more common and slightly more readable: email-campaign vs email_campaign.
Q: Can I use periods in version numbers?
A: Risky. v2.0 may work but can cause issues. Use v2-0 or v2 instead.
Q: What about unicode spaces (non-breaking spaces)?
A: No. All space-like characters should be replaced with hyphens. Unicode spaces encode inconsistently.
Ensure your UTM parameters only use safe characters. UTMGuard automatically validates every character in your campaign tracking and flags anything that could break your data. Start your free audit today.