Understanding Facebook Referral Traffic in Google Analytics
Table of Contents
If you have ever looked into Google Analytics with the aim to track the performance of Facebook campaigns, you know that Facebook generates, way too many referrers:
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
So let us start with understanding what these different referrers are and why Facebook generates so many referrers.
Introduction to Facebook Link Shim
‘Link Shim’ is a tool used by Facebook to achieve the following three objectives:
- To check whether a clicked link is spammy/malicious. If yes, then warn the user of the malicious website ahead.
- To rewrite referrer in order to hide personally identifiable information and thus protect users’ privacy.
- To preserve Facebook referrer data esp. when a user navigates from HTTPS to Non-HTTPS website.
Link Shim Tool Checks for Spammy / Malicious Links
Every time a user clicks on an external link on Facebook, the ‘Link Shim’ tool checks whether the clicked link is spammy/malicious. The link is checked against Facebook’s own internal database of spammy/malicious links.
If Facebook detects that the clicked link is malicious, then it redirects the user to an intermediate page, which warns the user of the malicious website ahead and gives them the option to return to Facebook:
Link Shim Tool Rewrites Facebook Referrers
Facebook is very wary about protecting its users’ privacy and going to great length, in making sure, that it hides personally identifiable information from third party websites.
In Facebook’s own words:
Facebook is one site where referrers don’t really belong.
As part of our continued efforts to protect users’ privacy, we proactively protect our users from exposing how they navigated to an external site.
Source: https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919
The ‘Link Shim’ tool is actively used to rewrite Facebook referrers, in order to hide personally identifiable information like removing user IDs from referrer URLs, before web browsers send them to external websites.
Get the E-Book (50 Pages)
Get the E-Book (62 Pages)
Link Shim Tool Preserves Facebook Referrers
By default, a referrer is dropped when a user navigates from an HTTPS website to an HTTP website.
This is done, in order to follow the secure protocol which states that:
If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent – Source: https://en.wikipedia.org/wiki/HTTP_referer
Facebook is on HTTPS but many websites are not. So in the past, Facebook wasn’t able to send referrer data to non-HTTPS websites, as referrer can not be passed from an HTTPS website to a non-HTTPS website.
In order to fix this problem, Facebook started using an internal redirect script, that first redirects a visitor to a non-HTTPS page (which creates its own referrer data) before sending the visitor to the actual URL on an HTTP website.
For example, when you click on an external link say: http://www.eventeducation.com/forming-event-company.php on Facebook, you will be first be redirected to an intermediate non-HTTPS page like:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
Before you are sent to the actual URL. This temporary redirect to the intermediate page: facebook.com/l.php lasts for only milliseconds. Because of this reason, you can’t see this redirect taking place. What you really see, is the final destination URL.
Now since Facebook is not sending the original referral data from an HTTPS website to an HTTP website, it is honoring the secure protocol and at the same time, also able to send the referrer data.
Google and twitter follow the same tactic. They create and send their own referrer data instead of the original referrer data.
Now since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want and can hide any information they like.
Another obvious advantage of using this tactic is that Facebook can easily hide personally identifiable information and can thus protect users’ privacy.
Facebook Link Shim Pages
Facebook link shim page is the non-HTTPS web page where a user is temporarily redirected (for few milliseconds) before being redirected to the desired web page.
Following is the example of a URL of a link shim page:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
You do not see the link shim page URL when you mouse over an external link on Facebook. What you see on mouseover, is the URL of the destination page.
Facebook uses onmousedown handler that modifies the link (into link shim link) after a user has clicked it. So your web browser sees the link shim link first before it is redirected to the destination link. All of this happens so fast, that as a user, all you see is the URL of the final destination page.
Following are the two most common URIs of a link shim page:
- /l.php
- /lsr.php
Other less common URIs are a.php, home.php, etc.
Facebook Link Shim Referrals
All link shim pages rewrite and send Facebook referrer data to web browsers. So technically speaking, all link shim referrers are the same as the Facebook referrers, we see in Google Analytics reports.
However, there are some Facebook referrers that contain the letter ‘l’ somewhere. For easy reference, I call such referrers as link shim referrers.
Following are some examples of such referrers:
- l.facebook.com/l.php
- l.facebook.com/lsr.php
- facebook.com/l.php
- m.facebook.com/l.php
- lm.facebook.com/l.php
- lm.facebook.com/lsr.php
Every user who clicks on an external link on Facebook is temporarily redirected to a link shim page, before being sent to the destination page.
How do I know this for so sure? This is because Facebook can not rewrite referrer data otherwise.
According to Facebook’s documentation on link shim, the link shim tool is also used to protect users’ privacy and identity.
Therefore we can not conclude that:
- Only the traffic from l.facebook.com or lm.facebook is directed through the link shim page.
- All the traffic from facebook.com or m.facebook is not directed through the link shim page.
The only thing we can safely conclude, at this point, is that Facebook is not consistent with the naming of its referral data.
Since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want, whenever they want and can hide any information they like.
It seems they keep dropping and introducing new referrers.
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
Following are some examples:
- p.facebook.com / referral
- cstools.facebook.com / referral
- pt-br.facebook.com / referral
- fb.m.facebook.com / referral
- intern.facebook.com / referral
- 0.facebook.com / referral
- our.intern.facebook.com / referral
- apps.facebook.com / referral
- our.cstools.facebook.com / referral
- touch.facebook.com / referral
- business.facebook.com / referral
- mbasic.facebook.com / referral
- web.facebook.com / referral
- similarweb.facebook.com
- mobile.facebook.com
- m.facebook.com
- lm.facebook.com
- static.ak.facebook.com
Most of these referrers are legitimate, in case you are wondering if they could be a referrer spam.
Some of these referrers no longer exist. For example:
- web.facebook.com redirects to facebook.com
- Apps.facebook.com redirects to facebook.com/games/
Related Articles
- Facebook Attribution and Conversion Windows Guide
- How to calculate the ROI of your Facebook Marketing Campaigns
- How to set up the Facebook Attribution Tool
- How to Setup Funnels in Facebook Ads Manager
- How to use funnels for your Facebook Ad Campaigns
- How to advertise on Facebook for FREE with unlimited budget
- Secret to Setup Facebook Pixel Tracking Correctly in Google Tag Manager
- Why Facebook and Google Analytics data do not match
- Learn to correctly track Facebook Referral traffic in Google Analytics
- Learn to set up Facebook Pixel Tracking via Google Tag Manager
- Tracking Website Sales in Facebook via Google Tag Manager
- Open Graph Protocol for Facebook Explained with Examples
- Tracking Facebook ‘Likes’ and ‘Unlikes’ in Google Analytics
- Complete Guide to Google Analytics for Facebook
- Introduction to Attribution Models in Facebook
Register for the FREE TRAINING...
"How to use Digital Analytics to generate floods of new Sales and Customers without spending years figuring everything out on your own."
Here’s what we’re going to cover in this training…
#1 Why digital analytics is the key to online business success.
#2 The number 1 reason why most marketers are not able to scale their advertising and maximize sales.
#3 Why Google and Facebook ads don’t work for most businesses & how to make them work.
#4 Why you won’t get any competitive advantage in the marketplace just by knowing Google Analytics.
#5 The number 1 reason why conversion optimization is not working for your business.
#6 How to advertise on any marketing platform for FREE with an unlimited budget.
#7 How to learn and master digital analytics and conversion optimization in record time.
My best selling books on Digital Analytics and Conversion Optimization
Maths and Stats for Web Analytics and Conversion Optimization
This expert guide will teach you how to leverage the knowledge of maths and statistics in order to accurately interpret data and take actions, which can quickly improve the bottom-line of your online business.
Master the Essentials of Email Marketing Analytics
This book focuses solely on the ‘analytics’ that power your email marketing optimization program and will help you dramatically reduce your cost per acquisition and increase marketing ROI by tracking the performance of the various KPIs and metrics used for email marketing.
Attribution Modelling in Google Analytics and Beyond
Attribution modelling is the process of determining the most effective marketing channels for investment. This book has been written to help you implement attribution modelling. It will teach you how to leverage the knowledge of attribution modelling in order to allocate marketing budget and understand buying behaviour.
Attribution Modelling in Google Ads and Facebook
This book has been written to help you implement attribution modelling in Google Ads (Google AdWords) and Facebook. It will teach you, how to leverage the knowledge of attribution modelling in order to understand the customer purchasing journey and determine the most effective marketing channels for investment.
Himanshu Sharma
Digital Marketing Consultant and Founder of Optimizesmart.com
Table of Contents
If you have ever looked into Google Analytics with the aim to track the performance of Facebook campaigns, you know that Facebook generates, way too many referrers:
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
So let us start with understanding what these different referrers are and why Facebook generates so many referrers.
Introduction to Facebook Link Shim
‘Link Shim’ is a tool used by Facebook to achieve the following three objectives:
- To check whether a clicked link is spammy/malicious. If yes, then warn the user of the malicious website ahead.
- To rewrite referrer in order to hide personally identifiable information and thus protect users’ privacy.
- To preserve Facebook referrer data esp. when a user navigates from HTTPS to Non-HTTPS website.
Link Shim Tool Checks for Spammy / Malicious Links
Every time a user clicks on an external link on Facebook, the ‘Link Shim’ tool checks whether the clicked link is spammy/malicious. The link is checked against Facebook’s own internal database of spammy/malicious links.
If Facebook detects that the clicked link is malicious, then it redirects the user to an intermediate page, which warns the user of the malicious website ahead and gives them the option to return to Facebook:
Link Shim Tool Rewrites Facebook Referrers
Facebook is very wary about protecting its users’ privacy and going to great length, in making sure, that it hides personally identifiable information from third party websites.
In Facebook’s own words:
Facebook is one site where referrers don’t really belong.
As part of our continued efforts to protect users’ privacy, we proactively protect our users from exposing how they navigated to an external site.
Source: https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919
The ‘Link Shim’ tool is actively used to rewrite Facebook referrers, in order to hide personally identifiable information like removing user IDs from referrer URLs, before web browsers send them to external websites.
Get the E-Book (50 Pages)
Get the E-Book (62 Pages)
Link Shim Tool Preserves Facebook Referrers
By default, a referrer is dropped when a user navigates from an HTTPS website to an HTTP website.
This is done, in order to follow the secure protocol which states that:
If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent – Source: https://en.wikipedia.org/wiki/HTTP_referer
Facebook is on HTTPS but many websites are not. So in the past, Facebook wasn’t able to send referrer data to non-HTTPS websites, as referrer can not be passed from an HTTPS website to a non-HTTPS website.
In order to fix this problem, Facebook started using an internal redirect script, that first redirects a visitor to a non-HTTPS page (which creates its own referrer data) before sending the visitor to the actual URL on an HTTP website.
For example, when you click on an external link say: http://www.eventeducation.com/forming-event-company.php on Facebook, you will be first be redirected to an intermediate non-HTTPS page like:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
Before you are sent to the actual URL. This temporary redirect to the intermediate page: facebook.com/l.php lasts for only milliseconds. Because of this reason, you can’t see this redirect taking place. What you really see, is the final destination URL.
Now since Facebook is not sending the original referral data from an HTTPS website to an HTTP website, it is honoring the secure protocol and at the same time, also able to send the referrer data.
Google and twitter follow the same tactic. They create and send their own referrer data instead of the original referrer data.
Now since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want and can hide any information they like.
Another obvious advantage of using this tactic is that Facebook can easily hide personally identifiable information and can thus protect users’ privacy.
Facebook Link Shim Pages
Facebook link shim page is the non-HTTPS web page where a user is temporarily redirected (for few milliseconds) before being redirected to the desired web page.
Following is the example of a URL of a link shim page:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
You do not see the link shim page URL when you mouse over an external link on Facebook. What you see on mouseover, is the URL of the destination page.
Facebook uses onmousedown handler that modifies the link (into link shim link) after a user has clicked it. So your web browser sees the link shim link first before it is redirected to the destination link. All of this happens so fast, that as a user, all you see is the URL of the final destination page.
Following are the two most common URIs of a link shim page:
- /l.php
- /lsr.php
Other less common URIs are a.php, home.php, etc.
Facebook Link Shim Referrals
All link shim pages rewrite and send Facebook referrer data to web browsers. So technically speaking, all link shim referrers are the same as the Facebook referrers, we see in Google Analytics reports.
However, there are some Facebook referrers that contain the letter ‘l’ somewhere. For easy reference, I call such referrers as link shim referrers.
Following are some examples of such referrers:
- l.facebook.com/l.php
- l.facebook.com/lsr.php
- facebook.com/l.php
- m.facebook.com/l.php
- lm.facebook.com/l.php
- lm.facebook.com/lsr.php
Every user who clicks on an external link on Facebook is temporarily redirected to a link shim page, before being sent to the destination page.
How do I know this for so sure? This is because Facebook can not rewrite referrer data otherwise.
According to Facebook’s documentation on link shim, the link shim tool is also used to protect users’ privacy and identity.
Therefore we can not conclude that:
- Only the traffic from l.facebook.com or lm.facebook is directed through the link shim page.
- All the traffic from facebook.com or m.facebook is not directed through the link shim page.
The only thing we can safely conclude, at this point, is that Facebook is not consistent with the naming of its referral data.
Since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want, whenever they want and can hide any information they like.
It seems they keep dropping and introducing new referrers.
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
Following are some examples:
- p.facebook.com / referral
- cstools.facebook.com / referral
- pt-br.facebook.com / referral
- fb.m.facebook.com / referral
- intern.facebook.com / referral
- 0.facebook.com / referral
- our.intern.facebook.com / referral
- apps.facebook.com / referral
- our.cstools.facebook.com / referral
- touch.facebook.com / referral
- business.facebook.com / referral
- mbasic.facebook.com / referral
- web.facebook.com / referral
- similarweb.facebook.com
- mobile.facebook.com
- m.facebook.com
- lm.facebook.com
- static.ak.facebook.com
Most of these referrers are legitimate, in case you are wondering if they could be a referrer spam.
Some of these referrers no longer exist. For example:
- web.facebook.com redirects to facebook.com
- Apps.facebook.com redirects to facebook.com/games/
Related Articles
- Facebook Attribution and Conversion Windows Guide
- How to calculate the ROI of your Facebook Marketing Campaigns
- How to set up the Facebook Attribution Tool
- How to Setup Funnels in Facebook Ads Manager
- How to use funnels for your Facebook Ad Campaigns
- How to advertise on Facebook for FREE with unlimited budget
- Secret to Setup Facebook Pixel Tracking Correctly in Google Tag Manager
- Why Facebook and Google Analytics data do not match
- Learn to correctly track Facebook Referral traffic in Google Analytics
- Learn to set up Facebook Pixel Tracking via Google Tag Manager
- Tracking Website Sales in Facebook via Google Tag Manager
- Open Graph Protocol for Facebook Explained with Examples
- Tracking Facebook ‘Likes’ and ‘Unlikes’ in Google Analytics
- Complete Guide to Google Analytics for Facebook
- Introduction to Attribution Models in Facebook
Register for the FREE TRAINING...
"How to use Digital Analytics to generate floods of new Sales and Customers without spending years figuring everything out on your own."
Here’s what we’re going to cover in this training…
#1 Why digital analytics is the key to online business success.
#2 The number 1 reason why most marketers are not able to scale their advertising and maximize sales.
#3 Why Google and Facebook ads don’t work for most businesses & how to make them work.
#4 Why you won’t get any competitive advantage in the marketplace just by knowing Google Analytics.
#5 The number 1 reason why conversion optimization is not working for your business.
#6 How to advertise on any marketing platform for FREE with an unlimited budget.
#7 How to learn and master digital analytics and conversion optimization in record time.
My best selling books on Digital Analytics and Conversion Optimization
Maths and Stats for Web Analytics and Conversion Optimization
This expert guide will teach you how to leverage the knowledge of maths and statistics in order to accurately interpret data and take actions, which can quickly improve the bottom-line of your online business.
Master the Essentials of Email Marketing Analytics
This book focuses solely on the ‘analytics’ that power your email marketing optimization program and will help you dramatically reduce your cost per acquisition and increase marketing ROI by tracking the performance of the various KPIs and metrics used for email marketing.
Attribution Modelling in Google Analytics and Beyond
Attribution modelling is the process of determining the most effective marketing channels for investment. This book has been written to help you implement attribution modelling. It will teach you how to leverage the knowledge of attribution modelling in order to allocate marketing budget and understand buying behaviour.
Attribution Modelling in Google Ads and Facebook
This book has been written to help you implement attribution modelling in Google Ads (Google AdWords) and Facebook. It will teach you, how to leverage the knowledge of attribution modelling in order to understand the customer purchasing journey and determine the most effective marketing channels for investment.
Himanshu Sharma
Digital Marketing Consultant and Founder of Optimizesmart.com
