Understanding Facebook Referral Traffic in Google Analytics

If you have ever looked into Google Analytics with the aim to track the performance of Facebook campaigns, you know that Facebook generates, way too many referrers:facebook referrals

I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.

So let us start with understanding what these different referrers are and why Facebook generates so many referrers.

Introduction to Facebook Link Shim

‘Link Shim’ is a tool used by Facebook to achieve following three objectives:

  1. To check whether a clicked link is spammy/malicious. If yes, then warn user of the malicious website ahead.
  2. To rewrite referrer in order to hide personally identifiable information and thus protect users’ privacy.
  3. To preserve Facebook referrer data esp. when a user navigates from HTTPS to Non-HTTPS website.

Link Shim Tool Checks for Spammy / Malicious Links

Every time a user clicks on an external link on Facebook, the ‘Link Shim’ tool checks whether the clicked link is spammy / malicious.

The link is checked against Facebook own internal database of spammy / malicious links.

If Facebook detects that the clicked link is malicious, then it redirects the user to an intermediate page, which warn user of the malicious website ahead and give him the option to return to Facebook:

please be careful

Get the E-book (52 Pages)

Get the E-Book (37 Pages)

Link Shim Tool Rewrites Facebook Referrers

Facebook is very wary about protecting its users’ privacy and going to great length, in making sure, that it hides personally identifiable information from third party websites.

In Facebook own words:

Facebook is one site where referrers don’t really belong.

As part of our continued efforts to protect users’ privacy, we proactively protect our users from exposing how they navigated to an external site.

Source: https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919

The ‘Link Shim’ tool is actively used to rewrite Facebook referrers, in order to hide personally identifiable information like removing user IDs from referrer URLs, before web browsers send them to external websites.

Link Shim Tool Preserves Facebook Referrers

By default, a referrer is dropped when a user navigate from https website to a http website.

This is done, in order to follow the secure protocol which states that:

If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent – Source: https://en.wikipedia.org/wiki/HTTP_referer

Facebook is on HTTPS but many websites are not.

So in the past, Facebook wasn’t able to send referrer data to non-HTTPS websites, as referrer can not be passed from a HTTPS website to non-HTTPS website.

In order to fix this problem, Facebook started using an internal redirect script, that first redirects a visitor to a non-HTTPS page (which creates its own referrer data) before sending the visitor to the actual URL on a HTTP website.

For example,when you click on an external link say: http://www.eventeducation.com/forming-event-company.php on Facebook, you will be first be redirected to an intermediate non-HTTPS page like:


Before you are sent to the actual URL. This temporary redirect to the intermediate page: facebook.com/l.php last for only milliseconds.

Because of this reason, you can’t see this redirect taking place.

What you really see, is the final destination URL.

Now since Facebook is not sending the original referral data from a HTTPS website to a HTTP website, it is honouring the secure protocol and at the same time, also able to send the referrer data.

Google and twitter follow the same tactic.

They create and send their own referrer data instead of the original referrer data.

Now since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want and can hide any information they like.

Another obvious advantage of using this tactic is that, Facebook can easily hide personally identifiable information and can thus protect users’ privacy.

Facebook Link Shim Pages

Facebook link shim page is the non-HTTPS web page where a user is temporarily redirected (for few milliseconds) before being redirected to the desired web page.

Following is the example of a URL of a link shim page:


You do not see the link shim page URL, when you mouse over an external link on Facebook.

What you see on mouseover, is the URL of the destination page.

Facebook uses onmousedown handler that modifies the link (into link shim link), after a user has clicked it.

So your web browser see the link shim link first, before it is redirected to the destination link.

All of this happen so fast, that as user, all you see is the URL of the final destination page.

Following are the two most common URIs of a link shim page:

  • /l.php
  • /lsr.php

link shim pages

Other less common URIs are: a.php, home.php etc.

Facebook Link Shim Referrals

All link shim pages rewrite and send Facebook referrer data to web browsers.

So technically speaking, all link shim referrers are same as the Facebook referrers, we see in Google Analytics reports.

However there are, some Facebook referrers which contain the letter ‘l’ somewhere.

For easy reference, I call such referrers as link shim referrers. 

Following are some examples of such referrers:

  • l.facebook.com/l.php
  • l.facebook.com/lsr.php
  • facebook.com/l.php
  • m.facebook.com/l.php
  • lm.facebook.com/l.php
  • lm.facebook.com/lsr.php

Every user who clicks on an external link on Facebook, is temporarily redirected to a link shim page, before being sent to the destination page.

How do I know this for so sure?

This is because, Facebook can not rewrite referrer data otherwise.

According to facebook documentation on link shim, the link shim tool is also used to protect users’ privacy and identity.

Therefore we can not conclude that:

  • Only the traffic from l.facebook.com or lm.facebook is directed through link shim page.
  • All the traffic from facebook.com or m.facebook is not directed through link shim page.

The only thing we can safely conclude, at this point, is that, Facebook is not consistent with the naming of its referral data.

Since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want, whenever they want and can hide any information they like.

It seems they keep dropping and introducing new referrers.

I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.

Following are some examples:

  1. p.facebook.com / referral
  2. cstools.facebook.com / referral
  3. pt-br.facebook.com / referral
  4. fb.m.facebook.com / referral
  5. intern.facebook.com / referral
  6. 0.facebook.com / referral
  7. our.intern.facebook.com / referral
  8. apps.facebook.com / referral
  9. our.cstools.facebook.com / referral
  10. touch.facebook.com / referral
  11. business.facebook.com / referral
  12. mbasic.facebook.com / referral
  13. web.facebook.com / referral
  14. similarweb.facebook.com
  15. mobile.facebook.com
  16. m.facebook.com
  17. lm.facebook.com
  18. static.ak.facebook.com

Most of these referrers are legitimate, in case you are wondering, it could be a referrer spam.

Some of these referrers no longer exist.

For example:

  • web.facebook.com redirects to facebook.com
  • Apps.facebook.com redirectes to facebook.com/games/

Related Articles

Most Popular E-Books from OptimizeSmart

Learn to read e-commerce reports book banner

How to learn and master Web Analytics and Google Analytics?

Take the Course

Check out my best selling books on Web Analytics and Conversion Optimization on Amazon

How to get lot more useful information?

I share lot more useful information on Web Analytics and Google Analytics on LinkedIn then I can via any other medium. So there is really an incentive for you, to follow me there.

Himanshu Sharma

Certified web analyst and founder of OptimizeSmart.com

My name is Himanshu Sharma and I help businesses find and fix their Google Analytics and conversion issues. If you have any questions or comments please contact me.

  • Over twelve years' experience in SEO, PPC and web analytics
  • Google Analytics certified
  • Google AdWords certified
  • Nominated for Digital Analytics Association Award for Excellence
  • Bachelors degree in Internet Science
  • Founder of OptimizeSmart.com and EventEducation.com

I am also the author of four books:

error: Alert: Content is protected !!