Understanding Facebook Referral traffic in Google Analytics
If you have ever looked into Google Analytics with the aim to track the performance of Facebook campaigns, you know that Facebook generates, way too many referrers:![facebook referrals]()
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
So let us start with understanding what these different referrers are and why Facebook generates so many referrers.
Introduction to Facebook Link Shim
‘Link Shim’ is a tool used by Facebook to achieve following three objectives:
- To check whether a clicked link is spammy/malicious. If yes, then warn user of the malicious website ahead.
- To rewrite referrer in order to hide personally identifiable information and thus protect users’ privacy.
- To preserve Facebook referrer data esp. when a user navigates from HTTPS to Non-HTTPS website.
Link shim tool check for spammy / malicious links
Every time a user clicks on an external link on Facebook, the ‘Link Shim’ tool checks whether the clicked link is spammy / malicious.
The link is checked against Facebook own internal database of spammy / malicious links.
If Facebook detects that the clicked link is malicious, then it redirects the user to an intermediate page, which warn user of the malicious website ahead and give him the option to return to Facebook:
![please be careful]()
![]()
Get the E-Book (37 Pages)
![Learn to read e-commerce reports book banner]()
Get the E-Book (104 Pages)
Link shim tool rewrite Facebook referrers
Facebook is very wary about protecting its users’ privacy and going to great length, in making sure, that it hides personally identifiable information from third party websites.
In Facebook own words:
Facebook is one site where referrers don’t really belong.
As part of our continued efforts to protect users’ privacy, we proactively protect our users from exposing how they navigated to an external site.
Source: https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919
The ‘Link Shim’ tool is actively used to rewrite Facebook referrers, in order to hide personally identifiable information like removing user IDs from referrer URLs, before web browsers send them to external websites.
Link shim tool preserve Facebook referrers
By default, a referrer is dropped when a user navigate from https website to a http website.
This is done, in order to follow the secure protocol which states that:
If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent – Source: https://en.wikipedia.org/wiki/HTTP_referer
Facebook is on HTTPS but many websites are not.
So in the past, Facebook wasn’t able to send referrer data to non-HTTPS websites, as referrer can not be passed from a HTTPS website to non-HTTPS website.
In order to fix this problem, Facebook started using an internal redirect script, that first redirects a visitor to a non-HTTPS page (which creates its own referrer data) before sending the visitor to the actual URL on a HTTP website.
For example,when you click on an external link say: http://www.eventeducation.com/forming-event-company.php on Facebook, you will be first be redirected to an intermediate non-HTTPS page like:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
Before you are sent to the actual URL. This temporary redirect to the intermediate page: facebook.com/l.php last for only milliseconds.
Because of this reason, you can’t see this redirect taking place.
What you really see, is the final destination URL.
Now since Facebook is not sending the original referral data from a HTTPS website to a HTTP website, it is honouring the secure protocol and at the same time, also able to send the referrer data.
Google and twitter follow the same tactic.
They create and send their own referrer data instead of the original referrer data.
Now since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want and can hide any information they like.
Another obvious advantage of using this tactic is that, Facebook can easily hide personally identifiable information and can thus protect users’ privacy.
Facebook Link Shim pages
Facebook link shim page is the non-HTTPS web page where a user is temporarily redirected (for few milliseconds) before being redirected to the desired web page.
Following is the example of a URL of a link shim page:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
You do not see the link shim page URL, when you mouse over an external link on Facebook.
What you see on mouseover, is the URL of the destination page.
Facebook uses onmousedown handler that modifies the link (into link shim link), after a user has clicked it.
So your web browser see the link shim link first, before it is redirected to the destination link.
All of this happen so fast, that as user, all you see is the URL of the final destination page.
Following are the two most common URIs of a link shim page:
- /l.php
- /lsr.php
![link shim pages]()
Other less common URIs are: a.php, home.php etc.
Facebook link shim referrals
All link shim pages rewrite and send Facebook referrer data to web browsers.
So technically speaking, all link shim referrers are same as the Facebook referrers, we see in Google Analytics reports.
However there are, some Facebook referrers which contain the letter ‘l’ somewhere.
For easy reference, I call such referrers as link shim referrers.
Following are some examples of such referrers:
- l.facebook.com/l.php
- l.facebook.com/lsr.php
- facebook.com/l.php
- m.facebook.com/l.php
- lm.facebook.com/l.php
- lm.facebook.com/lsr.php
Every user who clicks on an external link on Facebook, is temporarily redirected to a link shim page, before being sent to the destination page.
How do I know this for so sure?
This is because, Facebook can not rewrite referrer data otherwise.
According to facebook documentation on link shim, the link shim tool is also used to protect users’ privacy and identity.
Therefore we can not conclude that:
- Only the traffic from l.facebook.com or lm.facebook is directed through link shim page.
- All the traffic from facebook.com or m.facebook is not directed through link shim page.
The only thing we can safely conclude, at this point, is that, Facebook is not consistent with the naming of its referral data.
Since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want, whenever they want and can hide any information they like.
It seems they keep dropping and introducing new referrers.
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
Following are some examples:
- p.facebook.com / referral
- cstools.facebook.com / referral
- pt-br.facebook.com / referral
- fb.m.facebook.com / referral
- intern.facebook.com / referral
- 0.facebook.com / referral
- our.intern.facebook.com / referral
- apps.facebook.com / referral
- our.cstools.facebook.com / referral
- touch.facebook.com / referral
- business.facebook.com / referral
- mbasic.facebook.com / referral
- web.facebook.com / referral
- similarweb.facebook.com
- mobile.facebook.com
- m.facebook.com
- lm.facebook.com
- static.ak.facebook.com
Most of these referrers are legitimate, in case you are wondering, it could be a referrer spam.
Some of these referrers no longer exist.
For example:
- web.facebook.com redirects to facebook.com
- Apps.facebook.com redirectes to facebook.com/games/
Related Articles
- Tracking Facebook ‘Likes’ and ‘Unlikes’ in Google Analytics
- Why Facebook and Google Analytics data do not match
- Learn to correctly track Facebook Referral traffic in Google Analytics
- Complete Guide to Google Analytics for Facebook
- Facebook Analytics – Super Duper Guide
- Learn to set up Facebook Tracking via Google Tag Manager
- Tracking Website Sales in Facebook via Google Tag Manager
- Secret to Setup Facebook Pixel Tracking Correctly in Google Tag Manager
Learn about the Google Analytics Usage Trends Tool
If you have ever looked into Google Analytics with the aim to track the performance of Facebook campaigns, you know that Facebook generates, way too many referrers:
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
So let us start with understanding what these different referrers are and why Facebook generates so many referrers.
Introduction to Facebook Link Shim
‘Link Shim’ is a tool used by Facebook to achieve following three objectives:
- To check whether a clicked link is spammy/malicious. If yes, then warn user of the malicious website ahead.
- To rewrite referrer in order to hide personally identifiable information and thus protect users’ privacy.
- To preserve Facebook referrer data esp. when a user navigates from HTTPS to Non-HTTPS website.
Link shim tool check for spammy / malicious links
Every time a user clicks on an external link on Facebook, the ‘Link Shim’ tool checks whether the clicked link is spammy / malicious.
The link is checked against Facebook own internal database of spammy / malicious links.
If Facebook detects that the clicked link is malicious, then it redirects the user to an intermediate page, which warn user of the malicious website ahead and give him the option to return to Facebook:
Get the E-Book (37 Pages)
Get the E-Book (104 Pages)
Link shim tool rewrite Facebook referrers
Facebook is very wary about protecting its users’ privacy and going to great length, in making sure, that it hides personally identifiable information from third party websites.
In Facebook own words:
Facebook is one site where referrers don’t really belong.
As part of our continued efforts to protect users’ privacy, we proactively protect our users from exposing how they navigated to an external site.
Source: https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919
The ‘Link Shim’ tool is actively used to rewrite Facebook referrers, in order to hide personally identifiable information like removing user IDs from referrer URLs, before web browsers send them to external websites.
Link shim tool preserve Facebook referrers
By default, a referrer is dropped when a user navigate from https website to a http website.
This is done, in order to follow the secure protocol which states that:
If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent – Source: https://en.wikipedia.org/wiki/HTTP_referer
Facebook is on HTTPS but many websites are not.
So in the past, Facebook wasn’t able to send referrer data to non-HTTPS websites, as referrer can not be passed from a HTTPS website to non-HTTPS website.
In order to fix this problem, Facebook started using an internal redirect script, that first redirects a visitor to a non-HTTPS page (which creates its own referrer data) before sending the visitor to the actual URL on a HTTP website.
For example,when you click on an external link say: http://www.eventeducation.com/forming-event-company.php on Facebook, you will be first be redirected to an intermediate non-HTTPS page like:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
Before you are sent to the actual URL. This temporary redirect to the intermediate page: facebook.com/l.php last for only milliseconds.
Because of this reason, you can’t see this redirect taking place.
What you really see, is the final destination URL.
Now since Facebook is not sending the original referral data from a HTTPS website to a HTTP website, it is honouring the secure protocol and at the same time, also able to send the referrer data.
Google and twitter follow the same tactic.
They create and send their own referrer data instead of the original referrer data.
Now since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want and can hide any information they like.
Another obvious advantage of using this tactic is that, Facebook can easily hide personally identifiable information and can thus protect users’ privacy.
Facebook Link Shim pages
Facebook link shim page is the non-HTTPS web page where a user is temporarily redirected (for few milliseconds) before being redirected to the desired web page.
Following is the example of a URL of a link shim page:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.eventeducation.com%2Fforming-event-company.php&h=1AQGREEXZ&enc=AZOFTubs48cxGeO0qt2G1BRSP4dIKtxGE3iw3qRxJo9F1n5wvjNGriJd2WY4VBpO6xw_kYtWTeKZLwHhlHN5VjYv-hbh0EeAJppnApx1N8eCxOSUjW-yd3upyNt_J9rrMZAfD5YbqWtMwFkDJ0EPRtOB5emrpi8GS0OHOH-DevWabRLC6GiCDevNtQO0ZETLA-9CkdcooVrT6sbkr6kIaON4BcbrZYm1StqEsIqc79xcQyOKLMLdtM2yyXOqVlYkT0Q&s=1
You do not see the link shim page URL, when you mouse over an external link on Facebook.
What you see on mouseover, is the URL of the destination page.
Facebook uses onmousedown handler that modifies the link (into link shim link), after a user has clicked it.
So your web browser see the link shim link first, before it is redirected to the destination link.
All of this happen so fast, that as user, all you see is the URL of the final destination page.
Following are the two most common URIs of a link shim page:
- /l.php
- /lsr.php
Other less common URIs are: a.php, home.php etc.
Facebook link shim referrals
All link shim pages rewrite and send Facebook referrer data to web browsers.
So technically speaking, all link shim referrers are same as the Facebook referrers, we see in Google Analytics reports.
However there are, some Facebook referrers which contain the letter ‘l’ somewhere.
For easy reference, I call such referrers as link shim referrers.
Following are some examples of such referrers:
- l.facebook.com/l.php
- l.facebook.com/lsr.php
- facebook.com/l.php
- m.facebook.com/l.php
- lm.facebook.com/l.php
- lm.facebook.com/lsr.php
Every user who clicks on an external link on Facebook, is temporarily redirected to a link shim page, before being sent to the destination page.
How do I know this for so sure?
This is because, Facebook can not rewrite referrer data otherwise.
According to facebook documentation on link shim, the link shim tool is also used to protect users’ privacy and identity.
Therefore we can not conclude that:
- Only the traffic from l.facebook.com or lm.facebook is directed through link shim page.
- All the traffic from facebook.com or m.facebook is not directed through link shim page.
The only thing we can safely conclude, at this point, is that, Facebook is not consistent with the naming of its referral data.
Since Facebook does not send the original referrer data, they can rewrite the referrer data, whatever way they want, whenever they want and can hide any information they like.
It seems they keep dropping and introducing new referrers.
I discovered 43 different Facebook referrers in the Google Analytics report of the last one year alone.
Following are some examples:
- p.facebook.com / referral
- cstools.facebook.com / referral
- pt-br.facebook.com / referral
- fb.m.facebook.com / referral
- intern.facebook.com / referral
- 0.facebook.com / referral
- our.intern.facebook.com / referral
- apps.facebook.com / referral
- our.cstools.facebook.com / referral
- touch.facebook.com / referral
- business.facebook.com / referral
- mbasic.facebook.com / referral
- web.facebook.com / referral
- similarweb.facebook.com
- mobile.facebook.com
- m.facebook.com
- lm.facebook.com
- static.ak.facebook.com
Most of these referrers are legitimate, in case you are wondering, it could be a referrer spam.
Some of these referrers no longer exist.
For example:
- web.facebook.com redirects to facebook.com
- Apps.facebook.com redirectes to facebook.com/games/
Related Articles
- Tracking Facebook ‘Likes’ and ‘Unlikes’ in Google Analytics
- Why Facebook and Google Analytics data do not match
- Learn to correctly track Facebook Referral traffic in Google Analytics
- Complete Guide to Google Analytics for Facebook
- Facebook Analytics – Super Duper Guide
- Learn to set up Facebook Tracking via Google Tag Manager
- Tracking Website Sales in Facebook via Google Tag Manager
- Secret to Setup Facebook Pixel Tracking Correctly in Google Tag Manager
The Google Analytics usage trend is a new tool which is used to visualise trends in your Google Analytics data and to perform trend analysis.
Take your knowledge of Web Analytics to the next level. Checkout my web analytics training course.
Take your Analytics knowledge to the next level. Checkout my Best Selling Books on Amazon
Maths and Stats for Web Analytics and Conversion Optimization
This expert guide will teach you how to leverage the knowledge of maths and statistics in order to accurately interpret data and take actions, which can quickly improve the bottom-line of your online business.
Master the Essentials of Email Marketing Analytics
This book focuses solely on the ‘analytics’ that power your email marketing optimization program and will help you dramatically reduce your cost per acquisition and increase marketing ROI by tracking the performance of the various KPIs and metrics used for email marketing.
Attribution Modelling in Google Analytics and Beyond
Attribution modelling is the process of determining the most effective marketing channels for investment. This book has been written to help you implement attribution modelling. It will teach you how to leverage the knowledge of attribution modelling in order to allocate marketing budget and understand buying behaviour.
Himanshu Sharma
Certified web analyst and founder of OptimizeSmart.com
