I just found the "Tracking Token Stripper 2.1" also works with Firefox 62.0 (I don't know older, maybe it does) which removes #UTM #click-tracking tokens from the to-be requested URLs. I tried it with Firefox' own about: page and it worked, even from within the one you can reach over Help->About.

And #TIL athat UTM is #Google-Analytics ... So, if you request such URLs where that tracking pixel is installed, #Google (and so the #NSA )knows that you clicked it e.g. from an email or #RSS feed (aggregator).

It seem to be written for Chrome, so also these users can protect themselves.