diff --git a/apps/client/src/app/app-routing.module.ts b/apps/client/src/app/app-routing.module.ts
index 55f025134..8c81bd1bd 100644
--- a/apps/client/src/app/app-routing.module.ts
+++ b/apps/client/src/app/app-routing.module.ts
@@ -82,7 +82,7 @@ const routes: Routes = [
     // wildcard, if requested url doesn't match any paths for routes defined
     // earlier
     path: '**',
-    redirectTo: '/home',
+    redirectTo: 'home',
     pathMatch: 'full'
   }
 ];
diff --git a/apps/client/src/app/core/auth.guard.ts b/apps/client/src/app/core/auth.guard.ts
index fcb962fcf..5df7a3638 100644
--- a/apps/client/src/app/core/auth.guard.ts
+++ b/apps/client/src/app/core/auth.guard.ts
@@ -6,16 +6,25 @@ import {
   RouterStateSnapshot
 } from '@angular/router';
 
+import { SettingsStorageService } from '../services/settings-storage.service';
 import { TokenStorageService } from '../services/token-storage.service';
 
 @Injectable({ providedIn: 'root' })
 export class AuthGuard implements CanActivate {
   constructor(
     private router: Router,
+    private settingsStorageService: SettingsStorageService,
     private tokenStorageService: TokenStorageService
   ) {}
 
   canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot) {
+    if (route.queryParams?.utm_source) {
+      this.settingsStorageService.setSetting(
+        'utm_source',
+        route.queryParams?.utm_source
+      );
+    }
+
     const isLoggedIn = !!this.tokenStorageService.getToken();
 
     if (isLoggedIn) {
diff --git a/apps/client/src/app/pages/home/home-page.component.ts b/apps/client/src/app/pages/home/home-page.component.ts
index d67481c9d..ef2932096 100644
--- a/apps/client/src/app/pages/home/home-page.component.ts
+++ b/apps/client/src/app/pages/home/home-page.component.ts
@@ -68,7 +68,7 @@ export class HomePageComponent implements OnDestroy, OnInit {
     private settingsStorageService: SettingsStorageService,
     private tokenStorageService: TokenStorageService
   ) {
-    this.routeQueryParams = route.queryParams
+    this.routeQueryParams = this.route.queryParams
       .pipe(takeUntil(this.unsubscribeSubject))
       .subscribe((params) => {
         if (params['performanceChartDialog']) {
diff --git a/apps/client/src/app/pages/login/login-page.component.ts b/apps/client/src/app/pages/login/login-page.component.ts
index d1dd0bfbc..d2a6f198f 100644
--- a/apps/client/src/app/pages/login/login-page.component.ts
+++ b/apps/client/src/app/pages/login/login-page.component.ts
@@ -37,9 +37,6 @@ export class LoginPageComponent implements OnDestroy, OnInit {
    * Initializes the controller
    */
   public ngOnInit() {
-    // Remove all tokens (e.g. impersonationId)
-    window.localStorage.clear();
-
     this.dataService.fetchInfo().subscribe(({ demoAuthToken }) => {
       this.demoAuthToken = demoAuthToken;
 
diff --git a/apps/client/src/app/services/data.service.ts b/apps/client/src/app/services/data.service.ts
index 78c0f6cb0..81908d4b6 100644
--- a/apps/client/src/app/services/data.service.ts
+++ b/apps/client/src/app/services/data.service.ts
@@ -23,19 +23,25 @@ import {
   PortfolioReport,
   User
 } from '@ghostfolio/common/interfaces';
+import { permissions } from '@ghostfolio/common/permissions';
 import { Order as OrderModel } from '@prisma/client';
 import { Account as AccountModel } from '@prisma/client';
 import { parseISO } from 'date-fns';
 import { Observable } from 'rxjs';
 import { map } from 'rxjs/operators';
 
+import { SettingsStorageService } from './settings-storage.service';
+
 @Injectable({
   providedIn: 'root'
 })
 export class DataService {
   private info: InfoItem;
 
-  public constructor(private http: HttpClient) {}
+  public constructor(
+    private http: HttpClient,
+    private settingsStorageService: SettingsStorageService
+  ) {}
 
   public fetchAccounts() {
     return this.http.get<AccountModel[]>('/api/account');
@@ -75,7 +81,20 @@ export class DataService {
       }
     */
 
-    return this.http.get<InfoItem>('/api/info');
+    return this.http.get<InfoItem>('/api/info').pipe(
+      map((data) => {
+        if (
+          this.settingsStorageService.getSetting('utm_source') ===
+          'trusted-web-activity'
+        ) {
+          data.globalPermissions = data.globalPermissions.filter(
+            (permission) => permission !== permissions.enableSubscription
+          );
+        }
+
+        return data;
+      })
+    );
   }
 
   public fetchSymbolItem(aSymbol: string) {
diff --git a/apps/client/src/app/services/token-storage.service.ts b/apps/client/src/app/services/token-storage.service.ts
index e50f1a913..88fcbe221 100644
--- a/apps/client/src/app/services/token-storage.service.ts
+++ b/apps/client/src/app/services/token-storage.service.ts
@@ -27,8 +27,14 @@ export class TokenStorageService {
   }
 
   public signOut(): void {
+    const utmSource = window.localStorage.getItem('utm_source');
+
     window.localStorage.clear();
 
+    if (utmSource) {
+      window.localStorage.setItem('utm_source', utmSource);
+    }
+
     this.hasTokenChangeSubject.next();
   }
 }