diff --git a/_includes/master/global/foot.html b/_includes/master/global/foot.html
index 25647aefd..dde71bcac 100644
--- a/_includes/master/global/foot.html
+++ b/_includes/master/global/foot.html
@@ -114,7 +114,8 @@ <h5 class="modal-title">
   {%- else -%}
     {% assign bundle_optimization = site.settings.include-script-bundle-optimization %}
   {% endif %}
-  <script type="text/javascript" src="{{ '/assets/js/main.js' | relative_url }}?cb={{ site.time | date: '%s' }}" {{ bundle_optimization }}></script>
+  <!-- <script type="text/javascript" src="{{ '/assets/js/main.js' | relative_url }}?cb={{ site.time | date: '%s' }}" {{ bundle_optimization }}></script> -->
+  <script type="text/javascript" src="{{ site.url }}{{ '/assets/js/main.js' }}?cb={{ site.time | date: '%s' }}" {{ bundle_optimization }}></script>
 {% endif %}
 
 <!-- TODO: FIX THIS -->
diff --git a/_includes/master/global/head.html b/_includes/master/global/head.html
index 9d0611c01..d5e034e2d 100644
--- a/_includes/master/global/head.html
+++ b/_includes/master/global/head.html
@@ -162,11 +162,6 @@
         tikTokPixel: '{{ site.tracking.tiktok-pixel }}',
       },
       validRedirectHosts: ['itwcreativeworks.com'],
-      // tracking: {
-      //   googleAnalytics: '{{ site.tracking.google-analytics }}',
-      //   facebookPixel: '{{ site.tracking.facebook-pixel }}',
-      //   tikTokPixel: '{{ site.tracking.tiktok-pixel }}'
-      // }
     }
   };
 </script>
@@ -175,7 +170,7 @@
 {%- if site.favicon.path != null and site.favicon.path != '' -%}
   {% assign favicon_path = site.favicon.path %}
 {%- else -%}
-  {% assign favicon_path = '/assets/images/favicon' %}
+  {% assign favicon_path = site.url | append: '/assets/images/favicon' %}
 {%- endif -%}
 <link rel="apple-touch-icon" sizes="180x180" href="{{ favicon_path }}/apple-touch-icon.png?cb={{ site.time | date: '%s' }}">
 <link rel="icon" type="image/png" sizes="32x32" href="{{ favicon_path }}/favicon-32x32.png?cb={{ site.time | date: '%s' }}">
@@ -259,7 +254,8 @@
 {% elsif layout.settings.include-css-bundle == false %}
 {% elsif site.settings.include-css-bundle == false %}
 {% else %}
-  <link rel="stylesheet" type="text/css" href="{{ '/assets/css/main.css' | relative_url }}?cb={{ site.time | date: '%s' }}">
+  <!-- <link rel="stylesheet" type="text/css" href="{{ '/assets/css/main.css' | relative_url }}?cb={{ site.time | date: '%s' }}"> -->
+  <link rel="stylesheet" type="text/css" href="{{ site.url }}{{ '/assets/css/main.css' }}?cb={{ site.time | date: '%s' }}">
 {% endif %}
 
 {%- if include.post-bundle-css != null -%}
diff --git a/_layouts/master/authentication/main.html b/_layouts/master/authentication/main.html
index 078c74e77..019e215aa 100644
--- a/_layouts/master/authentication/main.html
+++ b/_layouts/master/authentication/main.html
@@ -446,11 +446,18 @@ <h5 class="modal-title" id="exampleModalLabel">Oops!</h5>
   var serverApiURL;
   var providerDetails = {}
   var redirectUrl;
+
   var qsToken;
   var qsSource;
   var qsDestination;
   var qsMessage;
   var qsEmail;
+  var qsProvider;
+  var qsSignout;
+  var qsIsSignup;
+  var qsNewsletter;
+  var qsAffiliateCode;
+
   var $authErrorModal;
   var $authErrorModalMessage;
   var $authLinks;
@@ -468,20 +475,21 @@ <h5 class="modal-title" id="exampleModalLabel">Oops!</h5>
       ? 'http://localhost:5001/PROJECT_ID/us-central1/bm_api'
       : 'https://us-central1-PROJECT_ID.cloudfunctions.net/bm_api'
 
-    qsToken = decodeURIComponent(url.searchParams.get('token') || '');
-    qsSource = decodeURIComponent(url.searchParams.get('source') || '');
-    qsDestination = decodeURIComponent(url.searchParams.get('destination') || '');
-    qsMessage = decodeURIComponent(url.searchParams.get('message') || '');
-    qsEmail = decodeURIComponent(url.searchParams.get('email') || '');
+    qsToken = url.searchParams.get('token') || '';
+    qsSource = url.searchParams.get('source') || '';
+    qsDestination = url.searchParams.get('destination') || '';
+    qsMessage = url.searchParams.get('message') || '';
+    qsEmail = url.searchParams.get('email') || '';
+    qsProvider = url.searchParams.get('provider') || '';
+    qsSignout = url.searchParams.get('signout') || '';
+    qsIsSignup = url.searchParams.get('isSignup') || '';
+    qsNewsletter = url.searchParams.get('newsletter') || '';
+    qsAffiliateCode = url.searchParams.get('affiliateCode') || '';
 
     redirectUrl = qsDestination || url.origin;
-    // redirectUrl = decodeURIComponent(url.searchParams.get('destination') || url.searchParams.get('auth_redirect') || '{{ site.url }}');
-
-    // console.log('--redirectUrl', redirectUrl);
     serverApiURL = serverApiURL.replace(/PROJECT_ID/g, Manager.properties.options.libraries.firebase_app.config.projectId)
 
-    $authErrorModal = new bootstrap.Modal(document.getElementById('auth-error-modal'), {
-    })
+    $authErrorModal = new bootstrap.Modal(document.getElementById('auth-error-modal'), {})
     $authErrorModalMessage = document.getElementById('auth-error-modal-message');
     $authLinks = select('a[href*="/signin"], a[href*="/signup"]');
     $emailInput = select('.auth-email-input');
@@ -557,7 +565,7 @@ <h5 class="modal-title" id="exampleModalLabel">Oops!</h5>
         display('hidden');
 
         // If there is a signout query param, sign out and quit
-        if (url.searchParams.get('signout')) {
+        if (qsSignout) {
           console.log('getRedirectResult(): Signing out...');
 
           action = true;
@@ -615,14 +623,15 @@ <h5 class="modal-title" id="exampleModalLabel">Oops!</h5>
           action = true;
           console.log('getRedirectResult(): Getting provider data...');
 
-          var provider = url.searchParams.get('provider');
-          if (provider) {
-            console.log('getRedirectResult(): signInWithRedirect', provider);
+          if (qsProvider) {
+            console.log('getRedirectResult(): signInWithRedirect', qsProvider);
 
-            firebase.auth().signInWithRedirect(new firebase.auth.OAuthProvider(provider))
-            .catch(function (e) {
+            try {
+              select('.auth-signin-provider-btn[data-provider="' + qsProvider + '"]').get(0).click();
+            } catch (e) {
+              console.error('getRedirectResult(): Error clicking provider button', e);
               display(e);
-            })
+            }
 
             return
           }
@@ -753,7 +762,7 @@ <h5 class="modal-title" id="exampleModalLabel">Oops!</h5>
       console.log('signUpHandler():', token);
 
       // If not a signup, resolve
-      if (url.searchParams.get('isSignup') !== 'true') {
+      if (qsIsSignup !== 'true') {
         return resolve();
       }
 
@@ -770,8 +779,8 @@ <h5 class="modal-title" id="exampleModalLabel">Oops!</h5>
           authenticationToken: token,
           command: 'user:sign-up',
           payload: {
-            newsletterSignUp: url.searchParams.get('newsletter') === 'true',
-            affiliateCode: url.searchParams.get('affiliateCode'),
+            newsletterSignUp: qsNewsletter === 'true',
+            affiliateCode: qsAffiliateCode,
           }
         }),
       })
diff --git a/_websrc/gulp_tasks/master/_prefill.js b/_websrc/gulp_tasks/master/_prefill.js
index e1cec65d1..53b65436f 100644
--- a/_websrc/gulp_tasks/master/_prefill.js
+++ b/_websrc/gulp_tasks/master/_prefill.js
@@ -239,7 +239,6 @@ gulp.task('_prefill', () => {
       //   process.exit(1)
       // })
 
-
       Global.set('prefillStatus', 'done');
       return resolve();
     } catch (e) {
diff --git a/package.json b/package.json
index 80a1ec216..0342914a2 100755
--- a/package.json
+++ b/package.json
@@ -84,7 +84,7 @@
     "through2": "4.0.2",
     "ultimate-jekyll-poster": "0.0.15",
     "vinyl-named": "1.1.0",
-    "web-manager": "3.2.3",
+    "web-manager": "3.2.5",
     "webpack": "5.88.0",
     "webpack-stream": "6.1.2",
     "yargs": "16.2.0",
diff --git a/special/master/pages/authentication/authentication-success.html b/special/master/pages/authentication/authentication-success.html
index c1b7bf5a5..5a5bf80b0 100644
--- a/special/master/pages/authentication/authentication-success.html
+++ b/special/master/pages/authentication/authentication-success.html
@@ -8,7 +8,7 @@
 ### REGULAR PAGES ###
 meta:
   title: "Authentication Success - {{ site.brand.name }}"
-  description: "Authentication Success for {{ site.brand.name }}."
+  description: "Authentication success for {{ site.brand.name }}."
   breadcrumb: "Authentication Success"
   index: false
 ---
diff --git a/special/master/pages/authentication/authentication-token.html b/special/master/pages/authentication/authentication-token.html
index a2bd2d20b..d97e0add2 100644
--- a/special/master/pages/authentication/authentication-token.html
+++ b/special/master/pages/authentication/authentication-token.html
@@ -8,7 +8,7 @@
 ### REGULAR PAGES ###
 meta:
   title: "Authentication Token - {{ site.brand.name }}"
-  description: "Authentication Token {{ site.brand.name }}."
+  description: "Authentication token {{ site.brand.name }}."
   breadcrumb: "Authentication Token"
   index: false
 ---
diff --git a/special/master/pages/authentication/oauth2.html b/special/master/pages/authentication/oauth2.html
index 5ebc31b08..699c1b4ff 100644
--- a/special/master/pages/authentication/oauth2.html
+++ b/special/master/pages/authentication/oauth2.html
@@ -1,4 +1,8 @@
 ---
+### PURPOSE ###
+# This page is used to authorize a user's account to connect it to a third-party provider.
+# For example, when they "Link" their Google account to their first-party account from their /account/ page.
+
 ### ALL PAGES ###
 layout: master/global/default
 permalink: /oauth2/
diff --git a/special/master/redirects/authentication/required.html b/special/master/redirects/authentication/authentication-required.html
similarity index 100%
rename from special/master/redirects/authentication/required.html
rename to special/master/redirects/authentication/authentication-required.html
diff --git a/special/master/redirects/authentication/authentication-success.html b/special/master/redirects/authentication/authentication-success.html
new file mode 100644
index 000000000..3cd95c1f7
--- /dev/null
+++ b/special/master/redirects/authentication/authentication-success.html
@@ -0,0 +1,9 @@
+---
+### ALL PAGES ###
+layout: master/misc/redirect
+permalink: /authentication/success/
+
+### REGULAR PAGES ###
+redirect:
+  url: /authentication-success
+---
diff --git a/special/master/redirects/authentication/token.html b/special/master/redirects/authentication/authentication-token.html
similarity index 80%
rename from special/master/redirects/authentication/token.html
rename to special/master/redirects/authentication/authentication-token.html
index c95520ad3..00da43e02 100644
--- a/special/master/redirects/authentication/token.html
+++ b/special/master/redirects/authentication/authentication-token.html
@@ -5,5 +5,5 @@
 
 ### REGULAR PAGES ###
 redirect:
-  url: /token
+  url: /authentication-token
 ---
diff --git a/special/master/redirects/authentication/oauth.html b/special/master/redirects/authentication/oauth2.html
similarity index 100%
rename from special/master/redirects/authentication/oauth.html
rename to special/master/redirects/authentication/oauth2.html
diff --git a/special/master/redirects/misc/search-cse.html b/special/master/redirects/misc/search-cse.html
index e094ad819..711d09528 100644
--- a/special/master/redirects/misc/search-cse.html
+++ b/special/master/redirects/misc/search-cse.html
@@ -1,26 +1,9 @@
 ---
 ### ALL PAGES ###
+layout: master/misc/redirect
 permalink: /search/cse/
 
 ### REGULAR PAGES ###
-sitemap:
-  include: false
-
-meta:
-  index: false
+redirect:
+  url: "https://cse.google.com/cse?cx=partner-{{ site.advertising.google-adsense }}-{{ site.advertising.cse-site-id }}&ie=UTF-8&q="
 ---
-<html lang="en">
-  <head>
-    <!-- <meta http-equiv="refresh" content="0; url={{ page.redirect.url }}"> -->
-  </head>
-
-  <body>
-    Redirecting...
-    <script type="text/javascript">
-      function getQueryStringValue (key) {
-        return decodeURIComponent(window.location.search.replace(new RegExp("^(?:.*[&\\?]" + encodeURIComponent(key).replace(/[\.\+\*]/g, "\\$&") + "(?:\\=([^&]*))?)?.*$", "i"), "$1"));
-      }
-      window.location.href = "https://cse.google.com/cse?cx=partner-{{ site.advertising.google-adsense }}-{{ site.advertising.cse-site-id }}&ie=UTF-8&q=" + getQueryStringValue("q");
-    </script>
-  </body>
-</html>
diff --git a/special/master/server/auth/handler.html b/special/master/server/auth/handler.html
new file mode 100644
index 000000000..2137c0df5
--- /dev/null
+++ b/special/master/server/auth/handler.html
@@ -0,0 +1,107 @@
+---
+### PURPOSE ###
+# This page is fetched/copied to the BEM server and used to authorize a user's account to connect it to a third-party provider.
+
+### ALL PAGES ###
+layout: master/global/default
+permalink: /server/auth/handler/
+sitemap:
+  include: false
+
+### REGULAR PAGES ###
+meta:
+  title: "Auth Handler - {{ site.brand.name }}"
+  description: "Auth Handler to {{ site.brand.name }}."
+  breadcrumb: "Auth Handler"
+  index: false
+---
+
+<script>
+  Manager.ready(function() {
+    var searchParams = Manager.properties.page.queryString;
+    var qsToken = searchParams.get('token');
+    var qsProvider = searchParams.get('provider');
+    var qsDestination = searchParams.get('destination');
+
+    console.log('main(): Initializing...', qsToken, qsProvider, qsDestination);
+
+    // Sign out if there is no token
+    attemptSignout(qsToken)
+    .then(function () {
+
+      // Sign in with the provider ID
+      attemptSignin(qsToken, qsProvider)
+      .then(function (signingIn) {
+
+        if (signingIn) {
+          console.log('main(): Signing in...');
+
+          // If we are signing in, then we need to wait for the redirect to
+          // complete before we can continue.
+          return;
+        } else {
+          console.log('main(): Not signing in, continuing...');
+
+          attemptRedirect(qsToken, qsDestination);
+        }
+      })
+    })
+  });
+
+  function attemptSignout(token) {
+    return new Promise(function(resolve, reject) {
+      if (token) {
+        console.log('attemptSignout(): Token present, so not signing out');
+        // If there is a token, we resolve with `false` to indicate no sign-out occurred.
+        resolve(false);
+      } else {
+        console.log('attemptSignout(): No token present, so signing out');
+        // Attempt to sign out and then resolve with `true` to indicate sign-out occurred.
+        firebase.auth().signOut()
+        .then(function() {
+          resolve(true); // Sign-out successful, resolve with `true`.
+        })
+        .catch(function(error) {
+          reject(error); // There was an error signing out.
+        });
+      }
+    });
+  }
+
+  function attemptSignin(token, provider) {
+    return new Promise(function(resolve, reject) {
+      if (token) {
+        console.log('attemptSignin(): Token present, not signing in');
+        resolve(false);
+      } else {
+        console.log('attemptSignin(): No token present, signing in');
+        var OAuthProvider = new firebase.auth.OAuthProvider(provider);
+
+        // Resolve to true immediately, indicating sign-in has begun.
+        resolve(true);
+
+        // Then, start the sign-in process.
+        firebase.auth().signInWithRedirect(OAuthProvider)
+        .catch(function(error) {
+          reject(error);
+        });
+      }
+    });
+  }
+
+  function attemptRedirect(token, destination) {
+    return new Promise(function(resolve, reject) {
+      if (token && destination) {
+        console.log('attemptRedirect(): Token present, redirecting');
+
+        resolve(true);
+
+        window.location.href = destination;
+      } else {
+        console.log('attemptRedirect(): No token present, not redirecting');
+
+        resolve(false);
+      }
+    });
+  }
+</script>