Linking to URL encoded parameters

  • 4 January 2024
  • 1 reply


Posting this as a PSA for anyone else who runs across this issue in the future and (fingers crossed) generate some momentum for the Klaviyo eng team to make an update for this edge case. 

TLDR: Linking to Costco’s website via a Klaviyo email campaign does not work unless you disable the global account setting “Email to website tracking” because of some Costco server-side security.

That setting can be disabled by going to Settings > Email > Attribution.

Longer version:

I went to send an email about a new product we have listed on but repeatedly got server errors on Costco’s site when I tested the link out of Klaviyo. This was with the campaign UTM tracking disabled (this will be important in a second).

From Klaviyo, the Costco link is appended the following URL parameter from our account: ?_kx=ABCDEFGHIJKLMNOP%3D%3D.UHFmv9 . This is added because the global account setting "Email to website tracking" is enabled.

This URL, while correct, causes an error on the Costco servers. It seems like that error is caused by the %3D%3D in the Klaviyo URL parameter. Those characters are URL encoded "==" and likely blocked for valid security reasons. (I don’t see Costco changing these server-side security parameters any time soon based on a request from anyone external, for good reason.)

So I opened a support chat with Klaviyo and they told me to turn off the campaign UTM tracking, which was already off. After a few moments, they said the only way to turn this off is by disabling the global account setting "Email to website tracking." There is no way to disable this on the campaign level, which is obviously not great if you want any sort of data on your other email campaigns or flows that could be going out at the same time.

I opened a more formal bug report/feature request asking if Klaviyo is able to remove the %3D%3D and after about a month of back and forth was told:

The engineer got back to me and said that there are no plans at this time to remove the %3D%3D string from the _kx parameter for website tracking as we have not received many reports on this breaking for customers' websites. But they will take this feedback into account in case there are any plans on updating our tracking in the future. 

I fully recognize that asking Klaviyo to change a global account setting URL parameters for all customers is a high-risk proposition that could break all sorts of stuff, but it also feels dumb to me that any customer that wants to send a Costco link cannot do so unless they disable a global account setting.

If anyone knows of a workaround, I would love to hear it, but I’m mostly just posting this for any other poor soul that runs across this edge case.

1 reply


Four days after this post I got the following message from Klaviyo support:

I have good news for you. [Your account rep] was a very strong advocate for getting rid of the %3D%3D string in the tracking URLs. After some pushing he was able to convince our engineers to take some action and create a fix for the tracking URLs so that moving forward they don't generate with the %3D%3D string/characters. They are still testing this fix to make sure all goes well. 
What this fix will do:
%3D / %3D%3D (and = / ==) were possible before in generated _kx tokens/parameters necessary for email to website tracking.  _kx tokens will be generated without these in the future.
Klaviyo will understand both version of tokens (with or without %3D / =) so you can continue to use old tokens to identify profiles with Klaviyo. Basically past campaigns send with these characters in the tracking will STILL work for tracking purposes. 
Disclaimer: the Costco link that was generated before with the %3D%3D string still won't work as Costco website is technically preventing the link from loading due to those characters.
But the fix is to ensure that newly generated campaigns won't have these %3D%3D _kx characters though, so those should work with Costco moving forward. The engineers said they will apply the fix for your account likely tomorrow when they've done some thorough testing. 


A few hours later they said:

Engineer confirmed it's been deployed for [your account]! =] Tracking parameters should not generate with the %3D characters again but please do let us know if it does and I'll be sure to ping the engineer.


It’s not clear to me if this was rolled out for all users or just our account.

Thanks, Klaviyo, for helping get this solved. It was a small thing but had a big impact for anyone who works with Costco.