%0d%0a in query string causing corrupt analytics cookie


We're send our emails through a company that uses Campaign Monitor. Very recently, we started seeing this code added into the Google Analytics query string:


Visiting this link creates a corrupted analytics cookie in Safari on OS X 10.4 (Firefox and OS X 10.5 work without issue). Anytime a user visits the site after clicking on the link, they'll see this message, until the cookies are cleared:

Bad Request

Your browser sent a request that this server could not understand.
Request header field is missing ':' separator.

|utmcct=0; __utma=94567066.344575884443755500.1251399331.1251399331.1251399331.1

I believe the problem is the presence of %0d%0a
(line feed and carriage return) characters in the URL, that is somehow triggering an issue with Safari correctly parsing cookies.

I've spoken to our agency about the problem, and we're unsure as to why this has started to occur suddenly, and only with particular links in our emailer. Our agency has already submitted a support ticket about the issue, but I'm curious enough about the problem to post here as well.


See why 200,000 companies worldwide love Campaign Monitor.

From Australia to Zimbabwe, and everywhere in between, companies count on Campaign Monitor for email campaigns that boost the bottom line.

Get started for free