⚠️ Warning
Impact: URL parsing errors - inconsistent decoding
📄 Category: url-syntax

What This Rule Detects

Detects invalid percent encoding where the % character is not followed by exactly two hexadecimal digits (0-9, A-F). Valid encoding requires the format %XX (e.g., %20 for space, %26 for ampersand). Malformed patterns like %book, %2, or %ZZ cause inconsistent URL decoding across different systems, leading to corrupted tracking data.

Why It Matters

Business Impact:

  • URL rejection - Some platforms refuse malformed URLs entirely
  • Inconsistent decoding - Different systems decode differently
  • Data corruption - Parameter values appear garbled
  • Tracking failures - Malformed URLs may not capture data
  • User experience issues - Links may break or load incorrectly

Technical Impact:

  • Percent encoding follows RFC 3986 standard: % + 2 hex digits
  • Malformed: %book (not hex digits), %2 (only 1 digit), %GG (invalid hex)
  • Some browsers attempt error correction, others fail entirely
  • GA4 may decode incorrectly or reject the value
  • Different systems handle errors differently
  • Creates unpredictable parameter values

Real Example:

  • Your URL: example.com?utm_campaign=50%off&utm_medium=email
  • Intended: "50% off" → should be encoded as 50%25off
  • Malformed: %of is invalid (not hex digits)
  • Browser A decodes: "50%off" (keeps as-is, doesn't decode)
  • Browser B decodes: "50�off" (decoding error, shows replacement char)
  • Browser C rejects: URL parsing fails entirely
  • GA4 receives: Inconsistent values across browsers
  • Result: Campaign appears in 3 different forms in reports
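
The disagreement described above can be reproduced with two decoders built into JavaScript. This is an added example, not UTMGuard code; `decodeBothWays` is a hypothetical helper, and the raw values are the parameter values from this page's example URLs (assumed to contain no `&` or `+`).

```javascript
// Decode one raw (still-encoded) parameter value with two standard decoders.
function decodeBothWays(raw) {
  let strict;
  try {
    // decodeURIComponent rejects any % not followed by two hex digits.
    strict = { ok: true, value: decodeURIComponent(raw) };
  } catch (err) {
    strict = { ok: false, error: err.name }; // URIError
  }
  // URLSearchParams follows the WHATWG URL rules: a malformed % is passed
  // through unchanged instead of raising an error.
  const lenient = new URLSearchParams('v=' + raw).get('v');
  return { raw, strict, lenient, agree: strict.ok && strict.value === lenient };
}

// Raw values taken from the page's examples.
const rawValues = ['50%off', 'discount%', '100%success', '50%25off'];
const comparison = rawValues.map(decodeBothWays);

for (const row of comparison) {
  const strictText = row.strict.ok ? JSON.stringify(row.strict.value) : row.strict.error;
  console.log(`${row.raw}: strict=${strictText} lenient=${JSON.stringify(row.lenient)}`);
}
```

The lenient decoder returns the same string for the malformed `50%off` and the correctly encoded `50%25off`, while the strict decoder rejects the malformed one; the two only agree when the % is encoded as %25.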

Common Scenarios

Scenario 1: Literal Percent Sign Without Encoding

Using % without encoding it as %25:

Scenario 2: Incomplete Encoding Pattern

Partial percent encoding with missing hex digit:

Scenario 3: Invalid Hexadecimal Characters

Non-hex characters after %:

How to Fix

Step 1: Understand Valid Percent Encoding

Valid encoding format:

Pattern: %XX
- % = Percent sign (escape character)
- XX = Exactly TWO hexadecimal digits (0-9, A-F)

Valid examples:
✅ %20 (space)
✅ %26 (ampersand &)
✅ %3D (equals =)
✅ %2F (forward slash /)
✅ %3A (colon :)

Invalid encoding patterns:

❌ %book (the two characters after % are 'bo', and 'o' is not a hex digit)
❌ %2 (only one digit, need two)
❌ %ZZ (Z is not a hex digit)
❌ %% (no hex digits)
❌ %G5 (G is not a hex digit)

Hexadecimal digits:

Valid: 0 1 2 3 4 5 6 7 8 9 A B C D E F
Also valid: a b c d e f (lowercase)
Invalid: G H I J K L M N O P Q R S T U V W X Y Z

Step 2: Identify Malformed Encoding

Detection patterns:

Pattern A: Literal % without encoding

❌ "50%off" → % should be %25
❌ "100% success" → % should be %25
❌ "discount %" → % should be %25

Pattern B: Incomplete encoding

❌ "value%2" → Missing second hex digit
❌ "text%" → No hex digits at all
❌ "item%1" → Missing second hex digit

Pattern C: Invalid hex characters

❌ "search%query" → 'qu' are not hex digits
❌ "test%XY" → X and Y are not hex digits
❌ "data%GG" → G is not a hex digit

Step 3: Choose Your Fix Strategy

Strategy A: Remove Percent Signs (RECOMMENDED)

Why recommended:

  • Simplest solution
  • No encoding complexity
  • Human-readable URLs
  • Works everywhere
  • No browser compatibility issues

How to fix:

❌ "50%off"          → ✅ "50-percent-off"
❌ "100% guaranteed" → ✅ "100-percent-guaranteed"
❌ "save%" → ✅ "save-percent"

Strategy B: Properly Encode Percent Sign

When to use:

  • Must preserve literal % character
  • Technical requirements
  • Legacy system integration

How to fix:

❌ "50%off"          → ⚠️ "50%25off" (% encoded as %25)
❌ "100% success"    → ⚠️ "100%25%20success" (% as %25, space as %20)

Note: While technically correct, this creates ugly URLs
Better: "50-percent-off" (readable)

Strategy C: Complete Re-encoding

When to use:

  • URL has multiple encoding issues
  • Automated URL generation
  • Need exact character preservation

How to fix:

Use URL encoding tool:
Input: "50% off & more!"
Output: "50%25%20off%20%26%20more%21"

Or use a programming language:
JavaScript: encodeURIComponent("50% off & more!") (leaves "!" unescaped, so the result ends in "more!")
Python: urllib.parse.quote("50% off & more!")

Step 4: Fix All Malformed Patterns

Step-by-step process:

1. Scan for % characters:

Find all instances of % in your URLs
Check if each % is followed by exactly two hex digits

2. Categorize issues:

Type A: Literal % ("50%off")
→ Replace with word ("50-percent-off")

Type B: Incomplete encoding ("%2")
→ Remove or complete ("2" or "%20" if intended as space)

Type C: Invalid hex ("%query")
→ Remove % or encode properly ("query" or encode entire value)

3. Apply fixes:

Before: utm_campaign=50%off&sale
Fix: utm_campaign=50-percent-off-sale

Before: utm_content=banner%2
Fix: utm_content=banner-2

Before: utm_term=search%query
Fix: utm_term=search-query

Step 5: Validate Encoding

Validation checklist:

1. Check all % characters:

✅ Each % followed by exactly 2 characters
✅ Both characters are hex digits (0-9, A-F)
✅ No standalone % without hex digits

2. Use validation tools:

Online validators:
- URL Encoder/Decoder tools
- W3C Link Checker
- UTMGuard URL validator

Browser test:
- Paste URL in browser address bar
- Check if browser shows warnings
- Verify URL loads correctly

3. Test across platforms:

- Email clients (Gmail, Outlook)
- Social media (Facebook, LinkedIn, Twitter)
- Messaging apps (WhatsApp, Slack)
- URL shorteners
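
The scan, categorize and fix steps above can be automated. The following is an added example, not UTMGuard's implementation; the function names and the kind labels `incomplete` and `not-hex` are hypothetical, and the sample URLs are the ones used on this page.

```javascript
const HEX = /^[0-9A-Fa-f]$/;

// Classify every '%' in one raw (still-encoded) parameter value.
function scanValue(value) {
  const issues = [];
  for (let i = 0; i < value.length; i++) {
    if (value[i] !== '%') continue;
    const a = value[i + 1];
    const b = value[i + 2];
    const aHex = a !== undefined && HEX.test(a);
    const bHex = b !== undefined && HEX.test(b);
    if (aHex && bHex) { i += 2; continue; } // valid %XX, skip its digits
    // 'incomplete' (Type B): nothing after %, or one hex digit only.
    // 'not-hex' (Type A or C): the character after % is not a hex digit.
    const kind = (a === undefined || aHex) ? 'incomplete' : 'not-hex';
    issues.push({ index: i, kind, near: value.slice(i, i + 3) });
  }
  return issues;
}

// Scan the raw query string. URLSearchParams is not used: it decodes first.
function scanUrl(url) {
  const query = url.split('#')[0].split('?').slice(1).join('?');
  const findings = [];
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const param = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    for (const issue of scanValue(value)) findings.push({ param, value, ...issue });
  }
  return findings;
}

// Strategy B: encode each stray % as %25 and leave valid %XX untouched.
function escapeStrayPercents(value) {
  return value.replace(/%(?![0-9A-Fa-f]{2})/g, '%25');
}

// Limit of any syntactic check: a literal % that happens to precede two hex
// digits (constructed case: "25%ad") is indistinguishable from valid encoding.
const sampleUrls = [
  'https://example.com?utm_campaign=50%off&utm_medium=email',
  'https://shop.com?utm_content=discount%&utm_campaign=sale',
  'https://example.com?utm_campaign=50%25off&utm_medium=email',
];
for (const u of sampleUrls) console.log(u, scanUrl(u));
```

Run the scan on the raw URL string before any library decodes it; once a lenient decoder has processed the value, malformed and correctly encoded inputs can no longer be told apart.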

Examples

❌ Incorrect Examples

https://example.com?utm_campaign=50%off&utm_medium=email
Malformed: %of is not valid hex encoding
Different systems:
- Browser A: "50%off" (keeps as-is)
- Browser B: "50�off" (decoding error)
- GA4: Unpredictable value
Impact: Data fragmentation, inconsistent reporting

https://shop.com?utm_content=discount%&utm_campaign=sale
Malformed: % not followed by any hex digits
Result: Some systems reject URL, others decode incorrectly
Impact: Broken links, tracking failures

https://example.com?utm_term=100%success&utm_source=google
Malformed: %su is not valid hex (%su would need to be %73%75 for "su")
Result: Inconsistent decoding across platforms
Impact: Search term data corrupted, cannot track keyword performance

✅ Correct Examples

https://example.com?utm_campaign=50-percent-off&utm_medium=email
Result: No encoding needed, clear and readable
Tracking: SUCCESS (consistent across all platforms)

https://shop.com?utm_content=discount-coupon&utm_campaign=sale
Result: No special characters, no encoding issues
Tracking: SUCCESS (reliable data)

https://example.com?utm_term=success-stories&utm_source=google
Result: Hyphens instead of special characters
Tracking: SUCCESS (clean, parsable URLs)

Alternative with proper encoding:
https://example.com?utm_campaign=50%25off&utm_medium=email
Result: % properly encoded as %25
Tracking: SUCCESS (but less readable than hyphenated version)

GA4 Impact Analysis

Decoding Errors:

  • Malformed encoding causes unpredictable decoding
  • Same URL may decode differently in different browsers
  • GA4 receives inconsistent values
  • Campaign appears in multiple corrupted forms

Data Fragmentation:

  • "50%off", "50�off", "50 off" all appear as separate entries
  • Cannot consolidate metrics
  • ROI calculation unreliable
  • Trend analysis broken

URL Rejection:

  • Some systems reject malformed URLs entirely
  • Links may not work when shared
  • Users cannot access landing pages
  • Traffic loss

Cross-Browser Inconsistency:

  • Chrome, Firefox, Safari decode differently
  • Mobile browsers may handle differently than desktop
  • Creates device-based data fragmentation
  • Makes cross-device attribution impossible

Reporting Impact:

  • Campaign reports: Multiple corrupted entries for same campaign
  • Parameter values: Garbled text with replacement characters
  • Data quality: Low confidence in metrics
  • Manual cleanup: Time-consuming data consolidation required

Detection in UTMGuard

UTMGuard automatically detects malformed encoding:

  1. Scans all page URLs in your GA4 data
  2. Identifies % characters in parameter values
  3. Validates encoding pattern (%XX with valid hex)
  4. Flags malformed patterns
  5. Reports affected parameters and values
  6. Suggests corrected alternatives

Audit Report Shows:

  • Total sessions with malformed encoding
  • List of invalid encoding patterns
  • Which parameters are affected
  • Suggested fixes (remove % or encode properly)
  • Session count per malformed pattern

Frequently Asked Questions

Q: What if my campaign legitimately uses % (like "50% off")?

A: Replace with words: "50-percent-off" (recommended) or encode properly: "50%25%20off" (% becomes %25, space becomes %20). The hyphenated version is more readable.

Q: How do I know if encoding is malformed?

A: Check if every % is followed by exactly 2 hex digits (0-9, A-F). If you see %book, %2, or %% that's malformed. Valid examples: %20, %3D, %26.

Q: Can browsers auto-fix malformed encoding?

A: Some browsers attempt correction, others don't. Behavior is inconsistent. Never rely on browser auto-correction - fix the URLs properly.

Q: What are valid hex digits?

A: 0 1 2 3 4 5 6 7 8 9 A B C D E F (case-insensitive, so 'a-f' also works). Letters G-Z are NOT hex digits.

Q: Should I use uppercase or lowercase hex digits?

A: Both work (%2F and %2f are equivalent). Convention is uppercase, but lowercase is valid too. Be consistent.

Q: What if I need to encode % itself?

A: Encode % as %25. Example: "100%" becomes "100%25". But for readability, consider "100-percent" instead.

Q: Will URL shorteners fix malformed encoding?

A: No. Shorteners typically preserve the destination URL as-is. If destination has malformed encoding, the problem persists.

Q: How do I encode URLs programmatically?

A: Use built-in functions:

  • JavaScript: encodeURIComponent(value)
  • Python: urllib.parse.quote(value)
  • PHP: urlencode($value)
  • Java: URLEncoder.encode(value, "UTF-8")


Last Updated: November 9, 2025
Rule ID: malformed_percent_encoding
Severity: Warning
Category: Url Syntax