Last Updated: May 20, 2022

This article will help you understand Facebook referral traffic in Google Analytics.

If you have ever looked into Google Analytics with the aim to track the performance of Facebook campaigns, you know that Facebook generates way too many referrers:

I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.

So let us start with understanding what these different referrers are and why Facebook generates so many referrers.

Introduction to Facebook Link Shim

Link Shim is a tool used by Facebook to achieve the following three objectives:

1. To check whether a clicked link is spammy/malicious. If yes, then warn the user of the malicious website ahead.
2. To rewrite referrer in order to hide personally identifiable information and thus protect users’ privacy.
3. To preserve Facebook referrer data esp. when a user navigates from an HTTPS to a Non-HTTPS website.

Link Shim Tool Checks for Spammy / Malicious Links

Every time a user clicks on an external link on Facebook, the Link Shim tool checks whether the clicked link is spammy/malicious.

The link is checked against Facebook’s own internal database of spammy/malicious links.

If Facebook detects that the clicked link is malicious, then it redirects the user to an intermediate page, which warns the user of the malicious website ahead and gives them the option to return to Facebook:

Link Shim Tool Rewrites Facebook Referrers

Facebook is very wary about protecting its users’ privacy and going to great lengths, in making sure, that it hides personally identifiable information from third party websites.

In Facebook’s own words:

Facebook is one site where referrers don’t really belong.

As part of our continued efforts to protect users’ privacy, we proactively protect our users from exposing how they navigated to an external site.

Source: https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919

The link shim tool is actively used to rewrite Facebook referrers, in order to hide personally identifiable information like removing user IDs from referrer URLs, before web browsers send them to external websites.

If you are noticing link shim referrals in Google Analytics then it indicates that your website was evaluated by Facebook’s link shim system.

The main function of the link shim system is to validate the URL against the huge internal database of malicious links, every time a user clicks on the link on Facebook or any Facebook ads.

Get this 70 page detailed checklist containing screenshots, step-by-step instructions and links to articles

Do you want to set up Google Analytics 4 (GA4) fast and correctly?

Yes I want the ebook

Link Shim Tool Preserves Facebook Referrers

By default, a referrer is dropped when a user navigates from an HTTPS website to an HTTP website.

This is done, in order to follow the secure protocol which states that:

If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent – Source: https://en.wikipedia.org/wiki/HTTP_referer

Facebook is on HTTPS but many websites are not. So in the past, Facebook wasn’t able to send referrer data to non-HTTPS websites, as referrer can not be passed from an HTTPS website to a non-HTTPS website.

In order to fix this problem, Facebook started using an internal redirect script, that first redirects a visitor to a non-HTTPS page (which creates its own referrer data) before sending the visitor to the actual URL on an HTTP website.

For example, when you click on an external link say: http://www.eventeducation.com/forming-event-company.php on Facebook, you will be first be redirected to an intermediate non-HTTPS page like:

http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1

Before you are sent to the actual URL. This temporary redirect to the intermediate page: facebook.com/l.php lasts for only milliseconds. Because of this reason, you can’t see this redirect taking place. What you really see, is the final destination URL.

Now since Facebook is not sending the original referral data from an HTTPS website to an HTTP website, it is honouring the secure protocol and at the same time, also able to send the referrer data.

Google and Twitter follow the same tactic. They create and send their own referrer data instead of the original referrer data.

Now since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want and can hide any information they like.

Another obvious advantage of using this tactic is that Facebook can easily hide personally identifiable information and can thus protect users’ privacy.

Facebook Link Shim Pages

Facebook link shim page is the non-HTTPS web page where a user is temporarily redirected (for few milliseconds) before being redirected to the desired web page.

Following is the example of a URL of a link shim page:

http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1

You do not see the link shim page URL when you mouse over an external link on Facebook. What you see on mouseover, is the URL of the destination page.

Facebook uses onmousedown handler that modifies the link (into link shim link) after a user has clicked it. So your web browser sees the link shim link first before it is redirected to the destination link. All of this happens so fast, that as a user, all you see is the URL of the final destination page.

Following are the two most common URIs of a link shim page:

• /l.php
• /lsr.php

Other less common URIs are a.php, home.php, etc.

Have you have noticed that you have traffic from l.facebook.com and lm.facebook.com? Traffic which is coming from mobile link shim is reported as lm.facebook.com and traffic which is coming from desktop link shim is l.facebook.com

These prefixes are added to the URLs before being sent to the final URL because Facebook temporarily redirects the external link on Facebook to their link shim page. But make sure that both the l.facebook and lm.facebook are Facebook referral traffic only.

Facebook Link Shim Referrals

All link shim pages rewrite and send Facebook referrer data to web browsers. So technically speaking, all link shim referrers are the same as the Facebook referrers, we see in Google Analytics reports.

However, there are some Facebook referrers that contain the letter ‘l’ somewhere. For easy reference, I call such referrers as link shim referrers. 

Following are some examples of such referrers:

• l.facebook.com/l.php
• l.facebook.com/lsr.php
• facebook.com/l.php
• m.facebook.com/l.php
• lm.facebook.com/l.php
• lm.facebook.com/lsr.php

Every user who clicks on an external link on Facebook is temporarily redirected to a link shim page, before being sent to the destination page.

How do I know this for so sure? This is because Facebook can not rewrite referrer data otherwise.

According to Facebook’s documentation on link shim, the link shim tool is also used to protect users’ privacy and identity.

Therefore we can not conclude that:

• Only the traffic from l.facebook.com or lm.facebook is directed through the link shim page.
• All the traffic from facebook.com or m.facebook is not directed through the link shim page.

The only thing we can safely conclude, at this point, is that Facebook is not consistent with the naming of its referral data.

Since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want, whenever they want and can hide any information they like.

It seems they keep dropping and introducing new referrers.

I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.

Following are some examples:

1. p.facebook.com / referral
2. cstools.facebook.com / referral
3. pt-br.facebook.com / referral
4. fb.m.facebook.com / referral
5. intern.facebook.com / referral
6. 0.facebook.com / referral
7. our.intern.facebook.com / referral
8. apps.facebook.com / referral
9. our.cstools.facebook.com / referral
10. touch.facebook.com / referral
11. business.facebook.com / referral
12. mbasic.facebook.com / referral
13. web.facebook.com / referral
14. similarweb.facebook.com
15. mobile.facebook.com
16. m.facebook.com
17. lm.facebook.com
18. static.ak.facebook.com

Most of these referrers are legitimate, in case you are wondering if they could be referrer spam.

Some of these referrers no longer exist. For example:

• web.facebook.com redirects to facebook.com
• Apps.facebook.com redirects to facebook.com/games/

Not all mobile traffic from Facebook is actually from mobile devices

You may be under the impression that all of the traffic from m.facebook.com, mobile.facebook.com or lm.facebook.com is from mobile devices. But this is not always the case.

First of all, you can access the following so-called mobile websites directly through your desktop:

• https://m.facebook.com/
• https://lm.facebook.com/
• https://mobile.facebook.com/

Go ahead and try it yourself. Once you have visited the website, check the Facebook referrer data. You will see Facebook traffic from mobile websites.

You can also confirm my observation by applying a ‘desktop and tablet traffic’ and ‘mobile traffic’ advanced segment to Facebook referrer data:

From this data, we can conclude that people do access the mobile version of Facebook from desktop devices.

One reason could be that some people are forced to use the mobile version of Facebook when JavaScript is disabled on their browser.

I came to the conclusion because the Facebook desktop version stopped working the moment I disabled JavaScript in my browser:

Here, reloading the page, won’t solve the problem and I don’t want to log out.

So next best thing I can do is click on the ‘mobile-optimized website’ link and go to the mobile version of the Facebook website from a desktop.

It is during this time, I discovered the full URL of the link shim page. Whenever JavaScript is disabled, you can see the full URL of a link shim page on mouseover an external link.

My Step-By-Step Blueprint For Getting Started With Attribution Modelling in Google Analytics

Get the FREE e-book on Google Analytics Attribution Modelling (52 Pages)

Yes I want the FREE ebook

Facebook traffic can be labelled as direct traffic in Google Analytics

Facebook traffic can end up as direct traffic, esp. if your website is not on HTTPS. Facebook’s mechanism of passing referrer data from an HTTPS website to an HTTP website is not foolproof and referrer can drop during a redirect from an HTTPS website to an HTTP website.

Whenever a referrer is not passed, the traffic is treated as ‘direct traffic’ by Google Analytics.

Moreover, Facebook is accessed by people using a variety of apps (on both desktop and mobile) and not all of these apps (esp.the mobile one) send referrer data. Following are the two most effective way to preserve Facebook referral data:

1. Move your entire website (both desktop and mobile version) to secure connection (HTTPS). Referrer data is more likely to pass from one HTTPS website to another.
2. Always tag your Facebook ad campaigns.

Tracking Facebook referrers via custom channel grouping

In order to track Facebook traffic in Google Analytics, follow the steps below:

Step-1: Navigate to All Traffic report (Acquisition > Source / Medium) in your GA view:

Step-2: Type ‘Facebook’ in the search box on the reporting interface and then press enter. You will then see all of the Facebook traffic:

However, this is not the best way to look at Facebook traffic data every day. So what I suggest is to create a custom channel grouping just for Facebook. Follow the steps below:

Step-1: Navigate to the ‘Admin’ of the main view in GA and then click on Channel Settings > Channel Grouping under the ‘view’ section:

Step-2: Click on the ‘New Channel Grouping‘ button:

Step-3: Create a new channel grouping with the following configuration:

Channel Grouping Name: Facebook Channel

Channel Name: Facebook

Define Rules

Source / Medium contains facebook

Step-4: Click on the ‘Done’ button and then click on the ‘Save’ button. Your Facebook channel will now appear in the channel grouping list:

Step-5: Navigate to Acquisition> All Traffic > Channels report.

Step-6: Select ‘Facebook Channel‘ from the drop-down menu and then click on the ‘Facebook’ link as shown below:

Step-7: Click on the ‘Facebook’ link as shown below:

You can then see all of the Facebook traffic sources:

My Step-By-Step Blueprint (100+ Pages) For Learning and Mastering GTM Data Layers

Get The Only Ebook On GTM Data Layer Ever Published (100+ pages). Learn & Master Data Layers

Yes I want the ebook

How to clean up Facebook referral traffic in Google Analytics

The best way to clean up the referral traffic in Google Analytics is by using filters in the reporting view. By using filters we should be able to combine all Facebook traffic into a single source.

Follow the below steps in order to apply a custom filter in the reporting view.

Step-1: Log in to your Google Analytics account.

Step-2: Click on the ‘Admin’ settings on the left-hand side bottom.

Step-3: Under the ‘View’ column, click on ‘Filters’.

Step-4: Click on the ‘Add Filter’ button, as shown below.

Note: Only Google Analytics users who have Edit permission at the account level can:

• Create/edit filters at the account level
• Create/edit filters at the view level
• Apply filters to any view in the account

If you do not have the necessary permission to edit/add the filter configuration you can reach out to the admin of the Google Analytics account, who would be able to grant you access or change your access levels.

Step-5: Select ‘Create a new filter’ from the options.

Step-6: In ‘Filter information’, enter the filter name of your choice e.g. ‘Facebook Referrals’.

Step-7: Select the ‘Filter type’ as custom and then select the ‘Search and replace filter’.

Step-8: Select ‘Campaign source’ in the ‘Filter field’ settings.

Step-9: In the ‘Search and replace’ filter settings enter the below configuration:

Search string: .*\.facebook\.com$
Replace string: facebook.com

Filter configuration
1) Choose the right method: ‘Create new Filter’
2) Give it a name: e.g. Facebook Referrals
3) Filter Type: Custom
4) Filter Subtype: Search and Replace
5) Filter Field: Campaign Source

The above configuration will search for any Facebook source, including subdomains like l.facebook.com and lm.facebook.com, and replace them with facebook.com in your Google Analytics reports.

Step-10: Click on ‘Save’.

After the filter has been saved, you will see all the traffic from Facebook referrals will be considered as facebook/referral in Source/Medium reports.

Please note that filters do not work retroactively on past data. Filters will only start working once they are created in that specific view and will not change any historical data.

It is recommended that you combine all the Facebook referral traffic using filters or advance segments so that it gives you instant results every time you want to pull insight from your data.

Once you apply the filter in one of your Google Analytics view, instead of noticing an increased number of rows of Facebook referral data, you will now only see one row which will have the source as facebook.com and the medium as referral.

How to track paid traffic from Facebook

Always use campaign tags to track the paid traffic from your Facebook campaigns. Campaign tags are simply the extra parameters that are added at the end of your URL.

To set up campaign parameters, you can use the URL builder tool to append the parameters.

Below is an example of a URL tagged with campaign parameters:

https://www.abc.com/landing-page?utm_source=facebook.com&utm_medium=social&utm_campaign=facebook%20ads

When a user clicks on a URL tagged with campaign parameters, Google Analytics will assign that traffic to the source and medium assigned in the URL.

If we consider the above example, the source is facebook.com and the medium is considered as social in Google Analytics reports.

It is always recommended that you use facebook.com as the source and social as the medium for your paid Facebook ads so that this traffic is added to the social reports in Google Analytics.

Other articles on Facebook Pixel Tracking

1. Facebook Attribution and Conversion Windows Tutorial
2. Facebook ROI Calculation, Analysis and Examples
3. How to set up the Facebook Attribution Tool
4. How to Setup Funnels in Facebook Ads Manager
5. How to use funnels for your Facebook Ad Campaigns
6. How to advertise on Facebook for FREE with unlimited budget
7. Secret to Setup Facebook Pixel Tracking Correctly in Google Tag Manager
8. Facebook Pixel vs Google Analytics Data Discrepancies
9. facebook.com Referral Traffic in Google Analytics Explained
10. Learn to set up Facebook Pixel via Google Tag Manager
11. Send Facebook Pixel Purchase Event via Google Tag Manager
12. Open Graph Protocol for Facebook Explained with Examples
13. Tracking Facebook ‘Likes’ and ‘Unlikes’ in Google Analytics
14. Google Analytics for Facebook Tutorial
15. Facebook Attribution Models Tutorial
16. GTM Server Side Tagging for Facebook Tutorial
17. The impact of Apple IOS 14.5 update on Facebook Ads
18. How to add Facebook Pixel to WordPress Website
19. How to add Facebook Pixel to WordPress without a Plugin
20. How to track Facebook events via Google Tag Manager
21. How to use the Facebook Event Setup Tool
22. How to use the Facebook Pixel Helper to Test Facebook Events
23. How to automatically turn off Facebook ads on weekends
24. How to name Facebook Ad Campaigns like a Pro

Frequently Asked Questions About Understanding Facebook Referral Traffic in Google Analytics