A Google Analytics UTM Tag Guide for Marketeers


  • Stick with the values recommended by Google Analytics for source and medium UTM tags
  • Keep the campaign UTM tag in the same format across all different advertising networks / channels. For the same campaign, use the same name across different network / channels.
  • Assign ownership for UTM tagging to one single person to protect your Google Analytics data quality
  • Don’t use UTM tags on internal links as they overwrite the origin of your user sessions and thus destroy your acquisition data.
  • No room for mistakes as Google Analytics acquisition data is immutable. Your UTM parameter tracking will stay with you for live.

Why marketeers should read this

With great power comes great responsibility. You might not be aware of the fact that anyone with the power to create a link to your page (or even just browse it) has the power to impact the source / medium (Aquisition > Channel Attribution) data of your Google Analytics reports by adding UTM parameters to the end of the URL.

Marketeers use UTM parameters to attribute the source and type of user sessions on their websites. For example if a marketeer purchases some advertising on a news website, the marketeer will send not only the URL to his/her own website landing page (to which the ads should link) but he/she will prep the URL with Google Analytics UTM parameters. Like this, the marketeer will know how many users came from that news website.

Marketeers in charge of bigger websites will have many different active traffic sources at any given time. Google ads, bing ads, facebook organic content, facebook paid ads, email marketing, … and many more. For all these online marketing activity the marketeer will want to know how many user sessions they deliver for any given period of time, so he/she can determine the return on advertising investment on any single traffic source.

How you should track user sessions from Facebook in Google Analytics

Let’s take Facebook for example. For many professional marketeers, Facebook is more than just a traffic source, it’s at least three: 1) Users clicking on links in third-party posts on Facebook. These we can’t control and they will just show up as social traffic from Facebook. 2) Users that click on links on our own business posts on Facebook. Since we can control the content of such posts, we want to use UTM tags for those links 3) Users that click on our paid ads on Facebook. These we want to distinguish from the previous two traffic sources by using UTM tags.

Here are the most important utm parameters that Google Analytis recognizes.

utm_source: In Google Analytics, the source field of a user session is one of the most important pieces of information. Adding utm_source to a link will override the source that is determined by Google Analytics automagically. For example, a user that comes to your website from Facebook.com will create a user session in Google Analytics with the source facebook.com As this value is used in other parts of Google Analytics we recommend to not alter this behaviour and only use the real domain from where traffic is coming from. So, for Facebook posts or paid ads, you would always use a link like https://your-website.com/landing-page/?utm_source=facebook.com&utm_...

utm_medium: In Google Analytics, the medium field of a user session is the most important piece of information. Adding utm_medium to a link will override the medium that is determined by Google Analytics. Google Analytics automagically recognizes traffic mediums such as: organic, none (for direct traffic), referral, cpc, social. Medium is heavily relied on by Google Analytics to create the default channel grouping. Read more about recognized values here: https://support.google.com/analytics/answer/3297892 – We recommend to stick to these conventions under any circumstance.

utm_campaign: In Google Analytics, the campaign field of a user session is heavily relied upon by the Campaign tab which includes Google Ads. Google Ads Auto-tagging feature will use the campaign names in Google Ads to populate the campaign field in Google Analytics automagically. Beware: Google Analytics will update the campaign field even retroactively if the Google Ads campaign names are changed. We therefore recommend to create guidelines for campaign naming across all paid media networks, including Google Ads, Facebook Ads, and that news website you have booked ads with, too. This essentially means, that you define a global name for your campaigns, and that same campaign name is then used for all media, manually by setting the utm_campaign parameter or automatically via Google Ads campaign names. A good naming convention for campaigns is as follows:


or a bit more machine-readable (this is useful for bigger marketing teams and marketing activities with dozens of different campaigns for filtering and automation):


utm_content: In Google Analytics, the content field is reserved for further information about the ad or text around the link that was clicked upon. This field is normally not set by Google Analytics, so it’s left for you to fill with information for your ad campaigns.

Are there UTM parameters in internal links on your website?

Sometimes a marketeer would like to know whether users have clicked on a specific button, teaser or other element on their journey to a key page. It is best practise to add a query parameter such as https://your-website.com/?journey=homepage-teasers to such elements. These query parameters are then registered by Google Analytics as part of the page path of the pages visited by users. A marketeer can then filter user sessions by such a query parameter and determine what share of users have reached a key page via such elements.

Mistakenly, sometimes, UTM tags are used for such objectives. This is wrong and UTM parameters should be removed urgently from internal links when found.

Why is this so bad? The scope of UTM tagging is to determine where user sessions on your website originate. UTM parameters on internal links will overwrite this information and it is forever lost. Campaign tracking will be wrong, as some of the user sessions that should belong to a campaign of yours will loose that attribution as the UTM source / medium tags will take precedence when the user clicks on an internal link using UTM tagging on your website.

Oops I did it all wrong. Can it be fixed?


Most Google Analytics data, including source, medium, campaign and content fields are immutable – this data cannot be deleted or changed in Google Analytics – for the rest of your life.

The only thing you can do is correct the wrong UTM parameters as quickly as possible to at least have correct acquisition data in Google Analytics in the future.


It’s best not to sway too much from the default Google Analytics way of classifying incoming user sessions with the source and medium dimensions.

When more than one person is involved in campaigning and online marketing activities, designate one person to have ownership of the UTM parameter setting process. This person should provide UTM parameters for any campaigning activities. Such central management of UTM tags make sure that Google Analytics doesn’t stop making sense without anyone noticing.

Check many different URLs in jenkins with a simple bash script for uptime monitoring

This is a simple script to check whether URLs are reachable over HTTP(S). This comes in handy for example when a project has many different (secondary) domains that redirect to the main domain.



# remove commas
for i in "${!urls[@]}"; do     

#for i in "${!urls[@]}"; do     
#    echo "$i"
#    echo "${urls[$i]}"
#exit 0

for i in "${!urls[@]}"; do
    echo "Checking status of ${urls[$i]}"
    code=`curl -sL --connect-timeout 20 --max-time 30 -w "%{http_code}\\n" "${urls[$i]}" -o /dev/null`

    echo "Found code $code for '${urls[$i]}'"

    if [ "$code" = "200" ]; then
        echo "Website '${urls[$i]}' is online."
        sleep 3
        echo "Website '${urls[$i]}' seems to be offline. Waiting $timeout seconds."
        echo "Monitor finished with failures, at least one website appears to be unreachable."
        exit 1

echo "Monitor finished, all good."
exit 0

Create a Google Account on your existing non-gmail email address

What?? Yes, it’s possible!

You can log into Google services like Google Drive or Google Photos with your existing your.name@your-business.com or your.name@gmx.de email address.

Some context: A Google Account and a gmail address are not the same thing. A Google Account is required to log into Google services such as gmail, google drive, youtube, etc. Login with Google even lets you use your Google Account (instead of a username and password) to log into third-party services that support it.

Note: When you create a gmail address a Google Account is automagically created with it.

Google lets you create a Google Account for any email address, specifically for your work address.

Why does it matter?

Other people might want to add you to Google services. If you don’t have a Google Account on your work address, these people will see this error, here is an example from Google Analytics:

It’s recommended to use your official work address for Google (and other) services you use for work, instead of your private (or secondary) gmail address. This way, system administrators can identify individuals when looking at a list of authorized users which increases security for everybody at your company. Nobody knows who frank_82@gmail.com is, but everybody can recognize frank.mueller@yourcompany.com.

How? Here is how to create a Google Account with your non-gmail email address:

  1. Go to https://accounts.google.com/signup/
  2. Click on Use my current email address instead
  3. Enter your official work email address
  4. Finalize the registration providing the required information

If Google complains that there is already a Google Account for this email address, then please click on Sign in instead and sign in, use the Forgot password? link to recover your password if necessary.

Now your work email address (respectively the Google Account attached to it) can be used by other people to add you to Google Services, for example Google Analytics.

Django and Security

Many people have asked me: Is django secure?

Luckily, with django we don’t have to worry about basic security at all. Here is a list of basic security stuff that django supports right out of the box.

  • Cross site scripting (XSS) protection
  • Cross site request forgery (CSRF) protection
  • Full CORS support
  • SQL injection protection
  • Clickjacking protection
  • Host header validation
  • Session security

On top of this we lock down production deployments as follows:

  • Set SECURE_HSTS_SECONDS. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
  • SECURE_CONTENT_TYPE_NOSNIFF set to True, so your pages will not be served with an ‘x-content-type-options: nosniff’ header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.
  • SECURE_BROWSER_XSS_FILTER set to True, so your pages will not be served with an ‘x-xss-protection: 1; mode=block’ header. You should consider enabling this header to activate the browser’s XSS filtering and help prevent XSS attacks.
  • SECURE_SSL_REDIRECT set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
  • SESSION_COOKIE_SECURE set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
  • Set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
  • DEBUG set to False in deployment.
  • X_FRAME_OPTIONS set to ‘DENY’. The default is ‘SAMEORIGIN’, but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to ‘DENY’.

Additional Security Features

django features a range of third-party open source modules that improve security, for example access logging and application firewalling: https://djangopackages.org/grids/g/security/

The life and death of conventional Content Management Systems – and why django CMS is more sustainable

I was recently asked to compare the django ecosystem with the drupal ecosystem. Drupal is widely known as a huge open source CMS success with a massive community behind. 

However looking at Google Trend to my biggest surprise I realized that this is not true in 2019 anymore. The django ecosystem is bigger and on top of that, growing in a sustainable way.

Django (red) vs Drupal (blue) – Since 2016 django has surpassed Drupal. Shockingly, the decline in the interest in the Drupal CMS ecosystem is sharp.

Google Trends 2019

It is my experience that most CMS come and go across the years. The django ecosystem appears to be much more robust than any CMS ecosystem because it doesnt just cover CMS functionality, as a web application framework it covers a much broader scope, with the django CMS package covering the CMS part.

As you can see here, Django is amongst the top three open source web technology ecosystems and it is on a continuous growth path:

Google Trends 2019

django CMS itself is much leaner than other CMS, as it sits on the shoulder of a giant: django – this makes it more long-living and much more maintainable than other CMS projects.

I hope I could give you some insights into the advantages of django + django CMS. Please let me know if you have any questions.

For more information about the technology stack, I’d also point you to the slightly technical articles I wrote about django and django cms.

Disclaimer: At what.digital django and django CMS is our main backend technology stack.

Would you like to contribute to this article? Please let me know. For example, do you think Google Trends is a good way to look at how future-proof a technology is?

Why we use divio.com for django / django CMS hosting

Divio is the company that originally founded django CMS a couple of years ago and that still contributes to developing it further together with the rest of the django CMS community.

Divio is a professional, modern cloud hosting company specialized in hosting python / django / django CMS projects in a highly secure, performant and efficient way.

Divio relies on data centers in Europa and North America via Amazon Web Services (AWS) and in Switzerland – its hosting is fully scalable, meaning that we could host websites with Divio that would be used by hundreds of thousands of daily users.

Amongst Divio’s customers are small to large enterprises in Switzerland and across the globe including S&P Fortune 500 companies and global financial institutions.

Divio is headquartered in Zurich, close to Hardbr├╝cke and has offices in New York City and Stockholm as well as a technical team distributed around the world to be able to respond to support requests around the clock (24/7).

At what.digital what we like about divio.com hosting is:

  • simplicity of the divio.com control panel to launch and maintain projects for our clients
  • very competitive pricing
  • simple backup
  • quick responses from their support staff
  • robust developer tools for django and django CMS projects

Why Django – the Web Application Framework for perfectionists with deadlines

Django is a modern web application (backend) framework with lots of support to scaffold web applications.

Django was designed to help developers take applications from concept to completion as quickly as possible.


The main advantages are:

  • Secure: Django has built-in state-of-the-art security.
  • Efficient: Django has some of the best scaffolding tools to build web applications fast and efficiently (ORM including fully automated database migrations, admin interface, form generation, user authentication, management and permissions, REST API support, and much more). This means that applications can be developed quicker and more cost-efficiently, and the maintenance cost is lower in comparison with other web frameworks.
  • Popular: Django is very popular and has a huge community. Looking at Google Trends, Django emerges as a top-three web framework next to Spring and Laravel. Being so popular, Django has tons of well-maintained modules. These modules are well organized – check it out at https://djangopackages.org/.

By the way: Django also has very good Content Management (CMS) support via projects like Django CMS or wagtail.

Django CMS – A hands-on Introduction


Why Django CMS? Django CMS is a good choice for companies that depend on their website to drive business and generate user value.

For Editors and Marketing Managers: Django CMS empowers editors to select from custom-made page templates and content elements without any dependency on developers. Watch the video below:

django CMS is user friendly and has a very intuitive drag and drop interface.
It’s built around the needs of multi-lingual publishing by default, not as an afterthought: all websites, pages and content can exist in multiple language versions


Full list of django CMS features:

  • Frontend Editing
  • Modular Content Management. Editors can choose from…
    • content elements (plugins)
    • templates for a whole page
    • templates for just parts of a page (sections)
  • Full Multi-Language Support
  • Simple publishing process (draft / published)
  • Multi-Site Support (manage different sites with different domains in the same project)
  • Support for all aspects of SEO and Social Media cards / integrations
  • Full-fledged admin interface and site settings
  • different levels of permissions for editors
  • Full-text search
  • Undo / Redo / Revert to published version for editors
  • … and more

For Developers: Developers can use the full power of Django, a top-three open-source web framework which is also at the core of Django CMS, to build state-of-the-art applications (such as an online course booking tool) that integrate smoothly with the rest of the website. Moreover, developers can include CMS functionality in their applications, creating a perfect blend between application logic and manageable content.


Here you can create your own demo web server with Django CMS and a demo theme installed out of the box. No setup required.

The demo theme consists of standard components. It allows you to build your own page templates. Components include image sliders, text and images in one or multiple columns, tabbed content and much more.

First Steps: In Django CMS, all content can be edited right on the website itself. Append ?edit to the current URL and hit enter. Now you should see the admin bar where you can log in with the admin username and password that you received (or if already logged in, just hit the ‘Edit’ button). Then try double-clicking on a text anywhere on the page and an editor window will open.

The Structure Mode

The structure mode allows an editor to insert content elements (a.k.a. plugins) and to change their order on the page. Try it out! Here is how to use the DjangoCMS structure mode.

More Admin Tools

There are some additional admin tools that allow you to publish / unpublish pages, manage multi-language, etc: Read more at http://docs.django-cms.org/en/latest/user/reference/page_admin.html

Here is the link to the full documentation for editors: http://docs.django-cms.org/en/latest/user/index.html

What’s next?

If you have any questions about Django, Django CMS or CMS in general please get in touch with mario@what.digital