What’s the Referral in Google Analytics

Starting in April 2014, you may have noticed social referrals from Facebook coming into Google Analytics (GA) as source/medium and These referral visits from Facebook were being reported as visits from an unknown source until Facebook implemented the link shim. The link shim is designed to protect the personally identifiable information (PII) of users, and to warn users with an interim page when they are at risk of being redirected to a spammy or malicious website.

What is vs vs

Here is a screen shot of and referral sessions reported in the GA interface. is mobile, and and are referrals from Facebook via the link shim system.lm-fb-data

Understanding the Facebook Link Shim

The link shim allows marketers more visibility in terms of where users came from. When a user is on the internet using a secure server network, their activity and identity are highly protected. You many have seen or heard about HTTP versus HTTPS server headers. Put simply, the difference between an HTTP and an HTTPS server header is that HTTPS is secure from wire-tapping and “man in the middle” attacks.  You can see Facebook with the secure server header HTTPS in the example screenshot below.https-fb

Before the link shim, visits from users operating on a secure server network came in as unidentifiable. This is because when a user is on a secure network, the referer header is not passed along. Basically what this means is that when a user clicks on a hyperlink and lands on a webpage, that destination webpage has no information about where the user came from.


Protecting user identity with Facebook referral traffic

In terms of privacy protection, Facebook provided a real word example of the link shim in action. It makes a lot of sense and it is fairly simple to understand. Let’s say hypothetically, the URL of a page in your timeline is, and someone clicks on a link from that page in your timeline to I can then see that the user had clicked from to get to my site. I would then be able to identify exactly who you are because you shared a link to my site on a page in your Facebook timeline that someone clicked on. Some marketers may see this as a draw back because of course we want to know the identities of people we can target! Having said that, there are better ways to get to know your audience without violating their rights.

The Facebook link shim warns users about malicious websites

Facebook has a list of websites that they deem dangerous in some way. The list is refreshed on a regular basis. When a user is on Facebook or accessing Facebook through their email and they click on a link, Facebook cross checks the link with their database and warn the user if the site they are going to be redirected to is flagged as malicious.

In short, the link shim is a great system for both digital marketers and users. Digital marketers can report the ROI of Facebook more accurately. Users can rest assured that their identity is secure, and that they will not end up on malicious websites if they click on a link from Facebook.

Sign up for our newsletter for more posts like this - delivered straight to your inbox! 


We love helping marketers like you.

Sign up for our newsletter to receive updates and more: