Understanding Facebook Referral Traffic in Google Analytics
Table of Contents
If you have ever looked into Google Analytics with the aim to track the performance of Facebook campaigns, you know that Facebook generates, way too many referrers:
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
So let us start with understanding what these different referrers are and why Facebook generates so many referrers.
Introduction to Facebook Link Shim
‘Link Shim’ is a tool used by Facebook to achieve following three objectives:
- To check whether a clicked link is spammy/malicious. If yes, then warn user of the malicious website ahead.
- To rewrite referrer in order to hide personally identifiable information and thus protect users’ privacy.
- To preserve Facebook referrer data esp. when a user navigates from HTTPS to Non-HTTPS website.
Link Shim Tool Checks for Spammy / Malicious Links
Every time a user clicks on an external link on Facebook, the ‘Link Shim’ tool checks whether the clicked link is spammy / malicious.
The link is checked against Facebook own internal database of spammy / malicious links.
If Facebook detects that the clicked link is malicious, then it redirects the user to an intermediate page, which warn user of the malicious website ahead and give him the option to return to Facebook:
Get the E-book (52 Pages)
Get the E-Book (37 Pages)
Link Shim Tool Rewrites Facebook Referrers
Facebook is very wary about protecting its users’ privacy and going to great length, in making sure, that it hides personally identifiable information from third party websites.
In Facebook own words:
Facebook is one site where referrers don’t really belong.
As part of our continued efforts to protect users’ privacy, we proactively protect our users from exposing how they navigated to an external site.
Source: https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919
The ‘Link Shim’ tool is actively used to rewrite Facebook referrers, in order to hide personally identifiable information like removing user IDs from referrer URLs, before web browsers send them to external websites.
Link Shim Tool Preserves Facebook Referrers
By default, a referrer is dropped when a user navigate from https website to a http website.
This is done, in order to follow the secure protocol which states that:
If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent – Source: https://en.wikipedia.org/wiki/HTTP_referer
Facebook is on HTTPS but many websites are not.
So in the past, Facebook wasn’t able to send referrer data to non-HTTPS websites, as referrer can not be passed from a HTTPS website to non-HTTPS website.
In order to fix this problem, Facebook started using an internal redirect script, that first redirects a visitor to a non-HTTPS page (which creates its own referrer data) before sending the visitor to the actual URL on a HTTP website.
For example,when you click on an external link say: http://www.eventeducation.com/forming-event-company.php on Facebook, you will be first be redirected to an intermediate non-HTTPS page like:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
Before you are sent to the actual URL. This temporary redirect to the intermediate page: facebook.com/l.php last for only milliseconds.
Because of this reason, you can’t see this redirect taking place.
What you really see, is the final destination URL.
Now since Facebook is not sending the original referral data from a HTTPS website to a HTTP website, it is honouring the secure protocol and at the same time, also able to send the referrer data.
Google and twitter follow the same tactic.
They create and send their own referrer data instead of the original referrer data.
Now since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want and can hide any information they like.
Another obvious advantage of using this tactic is that, Facebook can easily hide personally identifiable information and can thus protect users’ privacy.
Facebook Link Shim Pages
Facebook link shim page is the non-HTTPS web page where a user is temporarily redirected (for few milliseconds) before being redirected to the desired web page.
Following is the example of a URL of a link shim page:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
You do not see the link shim page URL, when you mouse over an external link on Facebook.
What you see on mouseover, is the URL of the destination page.
Facebook uses onmousedown handler that modifies the link (into link shim link), after a user has clicked it.
So your web browser see the link shim link first, before it is redirected to the destination link.
All of this happen so fast, that as user, all you see is the URL of the final destination page.
Following are the two most common URIs of a link shim page:
- /l.php
- /lsr.php
Other less common URIs are: a.php, home.php etc.
Facebook Link Shim Referrals
All link shim pages rewrite and send Facebook referrer data to web browsers.
So technically speaking, all link shim referrers are same as the Facebook referrers, we see in Google Analytics reports.
However there are, some Facebook referrers which contain the letter ‘l’ somewhere.
For easy reference, I call such referrers as link shim referrers.
Following are some examples of such referrers:
- l.facebook.com/l.php
- l.facebook.com/lsr.php
- facebook.com/l.php
- m.facebook.com/l.php
- lm.facebook.com/l.php
- lm.facebook.com/lsr.php
Every user who clicks on an external link on Facebook, is temporarily redirected to a link shim page, before being sent to the destination page.
How do I know this for so sure?
This is because, Facebook can not rewrite referrer data otherwise.
According to facebook documentation on link shim, the link shim tool is also used to protect users’ privacy and identity.
Therefore we can not conclude that:
- Only the traffic from l.facebook.com or lm.facebook is directed through link shim page.
- All the traffic from facebook.com or m.facebook is not directed through link shim page.
The only thing we can safely conclude, at this point, is that, Facebook is not consistent with the naming of its referral data.
Since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want, whenever they want and can hide any information they like.
It seems they keep dropping and introducing new referrers.
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
Following are some examples:
- p.facebook.com / referral
- cstools.facebook.com / referral
- pt-br.facebook.com / referral
- fb.m.facebook.com / referral
- intern.facebook.com / referral
- 0.facebook.com / referral
- our.intern.facebook.com / referral
- apps.facebook.com / referral
- our.cstools.facebook.com / referral
- touch.facebook.com / referral
- business.facebook.com / referral
- mbasic.facebook.com / referral
- web.facebook.com / referral
- similarweb.facebook.com
- mobile.facebook.com
- m.facebook.com
- lm.facebook.com
- static.ak.facebook.com
Most of these referrers are legitimate, in case you are wondering, it could be a referrer spam.
Some of these referrers no longer exist.
For example:
- web.facebook.com redirects to facebook.com
- Apps.facebook.com redirectes to facebook.com/games/
Related Articles
- Facebook Attribution and Conversion Windows Guide
- How to calculate the ROI of your Facebook Marketing Campaigns
- How to set up the Facebook Attribution Tool
- How to Setup Funnels in Facebook Ads Manager
- How to use funnels for your Facebook Ad Campaigns
- How to advertise on Facebook for FREE with unlimited budget
- Secret to Setup Facebook Pixel Tracking Correctly in Google Tag Manager
- Why Facebook and Google Analytics data do not match
- Learn to correctly track Facebook Referral traffic in Google Analytics
- Learn to set up Facebook Pixel Tracking via Google Tag Manager
- Tracking Website Sales in Facebook via Google Tag Manager
- Open Graph Protocol for Facebook Explained with Examples
- Tracking Facebook ‘Likes’ and ‘Unlikes’ in Google Analytics
- Complete Guide to Google Analytics for Facebook
- Introduction to Attribution Models in Facebook
Take the Course
Table of Contents
If you have ever looked into Google Analytics with the aim to track the performance of Facebook campaigns, you know that Facebook generates, way too many referrers:
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
So let us start with understanding what these different referrers are and why Facebook generates so many referrers.
Introduction to Facebook Link Shim
‘Link Shim’ is a tool used by Facebook to achieve following three objectives:
- To check whether a clicked link is spammy/malicious. If yes, then warn user of the malicious website ahead.
- To rewrite referrer in order to hide personally identifiable information and thus protect users’ privacy.
- To preserve Facebook referrer data esp. when a user navigates from HTTPS to Non-HTTPS website.
Link Shim Tool Checks for Spammy / Malicious Links
Every time a user clicks on an external link on Facebook, the ‘Link Shim’ tool checks whether the clicked link is spammy / malicious.
The link is checked against Facebook own internal database of spammy / malicious links.
If Facebook detects that the clicked link is malicious, then it redirects the user to an intermediate page, which warn user of the malicious website ahead and give him the option to return to Facebook:
Get the E-book (52 Pages)
Get the E-Book (37 Pages)
Link Shim Tool Rewrites Facebook Referrers
Facebook is very wary about protecting its users’ privacy and going to great length, in making sure, that it hides personally identifiable information from third party websites.
In Facebook own words:
Facebook is one site where referrers don’t really belong.
As part of our continued efforts to protect users’ privacy, we proactively protect our users from exposing how they navigated to an external site.
Source: https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919
The ‘Link Shim’ tool is actively used to rewrite Facebook referrers, in order to hide personally identifiable information like removing user IDs from referrer URLs, before web browsers send them to external websites.
Link Shim Tool Preserves Facebook Referrers
By default, a referrer is dropped when a user navigate from https website to a http website.
This is done, in order to follow the secure protocol which states that:
If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent – Source: https://en.wikipedia.org/wiki/HTTP_referer
Facebook is on HTTPS but many websites are not.
So in the past, Facebook wasn’t able to send referrer data to non-HTTPS websites, as referrer can not be passed from a HTTPS website to non-HTTPS website.
In order to fix this problem, Facebook started using an internal redirect script, that first redirects a visitor to a non-HTTPS page (which creates its own referrer data) before sending the visitor to the actual URL on a HTTP website.
For example,when you click on an external link say: http://www.eventeducation.com/forming-event-company.php on Facebook, you will be first be redirected to an intermediate non-HTTPS page like:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
Before you are sent to the actual URL. This temporary redirect to the intermediate page: facebook.com/l.php last for only milliseconds.
Because of this reason, you can’t see this redirect taking place.
What you really see, is the final destination URL.
Now since Facebook is not sending the original referral data from a HTTPS website to a HTTP website, it is honouring the secure protocol and at the same time, also able to send the referrer data.
Google and twitter follow the same tactic.
They create and send their own referrer data instead of the original referrer data.
Now since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want and can hide any information they like.
Another obvious advantage of using this tactic is that, Facebook can easily hide personally identifiable information and can thus protect users’ privacy.
Facebook Link Shim Pages
Facebook link shim page is the non-HTTPS web page where a user is temporarily redirected (for few milliseconds) before being redirected to the desired web page.
Following is the example of a URL of a link shim page:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
You do not see the link shim page URL, when you mouse over an external link on Facebook.
What you see on mouseover, is the URL of the destination page.
Facebook uses onmousedown handler that modifies the link (into link shim link), after a user has clicked it.
So your web browser see the link shim link first, before it is redirected to the destination link.
All of this happen so fast, that as user, all you see is the URL of the final destination page.
Following are the two most common URIs of a link shim page:
- /l.php
- /lsr.php
Other less common URIs are: a.php, home.php etc.
Facebook Link Shim Referrals
All link shim pages rewrite and send Facebook referrer data to web browsers.
So technically speaking, all link shim referrers are same as the Facebook referrers, we see in Google Analytics reports.
However there are, some Facebook referrers which contain the letter ‘l’ somewhere.
For easy reference, I call such referrers as link shim referrers.
Following are some examples of such referrers:
- l.facebook.com/l.php
- l.facebook.com/lsr.php
- facebook.com/l.php
- m.facebook.com/l.php
- lm.facebook.com/l.php
- lm.facebook.com/lsr.php
Every user who clicks on an external link on Facebook, is temporarily redirected to a link shim page, before being sent to the destination page.
How do I know this for so sure?
This is because, Facebook can not rewrite referrer data otherwise.
According to facebook documentation on link shim, the link shim tool is also used to protect users’ privacy and identity.
Therefore we can not conclude that:
- Only the traffic from l.facebook.com or lm.facebook is directed through link shim page.
- All the traffic from facebook.com or m.facebook is not directed through link shim page.
The only thing we can safely conclude, at this point, is that, Facebook is not consistent with the naming of its referral data.
Since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want, whenever they want and can hide any information they like.
It seems they keep dropping and introducing new referrers.
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
Following are some examples:
- p.facebook.com / referral
- cstools.facebook.com / referral
- pt-br.facebook.com / referral
- fb.m.facebook.com / referral
- intern.facebook.com / referral
- 0.facebook.com / referral
- our.intern.facebook.com / referral
- apps.facebook.com / referral
- our.cstools.facebook.com / referral
- touch.facebook.com / referral
- business.facebook.com / referral
- mbasic.facebook.com / referral
- web.facebook.com / referral
- similarweb.facebook.com
- mobile.facebook.com
- m.facebook.com
- lm.facebook.com
- static.ak.facebook.com
Most of these referrers are legitimate, in case you are wondering, it could be a referrer spam.
Some of these referrers no longer exist.
For example:
- web.facebook.com redirects to facebook.com
- Apps.facebook.com redirectes to facebook.com/games/
Related Articles
- Facebook Attribution and Conversion Windows Guide
- How to calculate the ROI of your Facebook Marketing Campaigns
- How to set up the Facebook Attribution Tool
- How to Setup Funnels in Facebook Ads Manager
- How to use funnels for your Facebook Ad Campaigns
- How to advertise on Facebook for FREE with unlimited budget
- Secret to Setup Facebook Pixel Tracking Correctly in Google Tag Manager
- Why Facebook and Google Analytics data do not match
- Learn to correctly track Facebook Referral traffic in Google Analytics
- Learn to set up Facebook Pixel Tracking via Google Tag Manager
- Tracking Website Sales in Facebook via Google Tag Manager
- Open Graph Protocol for Facebook Explained with Examples
- Tracking Facebook ‘Likes’ and ‘Unlikes’ in Google Analytics
- Complete Guide to Google Analytics for Facebook
- Introduction to Attribution Models in Facebook
Most Popular E-Books from OptimizeSmart
Check out my best selling books on Web Analytics and Conversion Optimization on Amazon
How to get lot more useful information?
I share lot more useful information on Web Analytics and Google Analytics on LinkedIn then I can via any other medium. So there is really an incentive for you, to follow me there.
Himanshu Sharma
Certified web analyst and founder of OptimizeSmart.com
