Background
The Acquia platform, as a means to maximize performance via the Varnish caching layer, removes web analytics parameters from URLs (for example, Google Analytics' utm_source and others).
However, if your application requires issuing redirects that need to keep these parameters, then you will need to implement some additional strategies.
Strategies
To properly have a site effectively handle utm parameters while maintaining the best performance (with our Varnish stripping), various strategies are recommended. You should evaluate each one (and potentially use various at the same time) to determine which are best for your particular use case.
1) Ensure your site advertises https:// URLs everywhere
If search engines, ads, emails, etc. still use HTTP URLs, you should work on changing that and stick to using HTTPS URLs only to minimize the need for handling redirects at your application.
2) Handling redirects from Drupal
Because this option requires that you turn off Drupal page caching for parts or all of your site, you will need to handle with care.
For the very specific use case of handling UTM parameters for redirects built using the Redirect module (and, with page caching disabled) you can use the https://www.drupal.org/project/acquia_analytics_redirects module. It will properly redirect URLs using the hidden X-Acquia-Stripped-Query header sent from Varnish to the Apache/Drupal backend. NOTE that you should read the project page/documentation for more details.
3) Handling redirects from .htaccess
Sometimes, a .htaccess file which includes HTTP->HTTPS or other redirects may not include logic to handle URLs with Google Analytics utm* parameters. The way around this is:
A workaround involves using the X-Acquia-Stripped-Query header to build the destination URL
and avoiding caching of these redirects by marking them as 302s (instead of 301).
Below is an example .htaccess section that can handle HTTP -> HTTPS redirects while including the parameters:
# EXAMPLE: NOT MEANT TO USE AS-IS; do edit and test according to your site.
#
# HTTP -> HTTPS redirect + Keep web analytics parameters
#
# Only triggers when the Acquia Varnish layer has stripped parameters
# like 'utm_*'.
# See https://docs.acquia.com/acquia-cloud/performance/varnish/querystrings/
#
# This redirect is a 302 to avoid caching at the Varnish layer.
#
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP:X-Acquia-Stripped-Query} .+
# ... you can add more conditions here ...
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}?%{HTTP:X-Acquia-Stripped-Query} [L,R=302]
4) Use HSTS to avoid HTTP requests
You can also enable HSTS on your site, which sends a special header that modern browsers will use to always use https to connect to your site (no redirect needed!). To enable HSTS, please read our article at: https://support.acquia.com/hc/en-us/articles/360004119254-How-To-enable-HSTS-for-your-Drupal-site