All Facebook users are now connecting to the site via a secure connection. It’s a move that should mean better security for anyone visiting Facebook.com, but it could also pose problems for marketers and webmasters that want to know how much traffic they’re getting from the world’s biggest social network.
Facebook announced the switch to default https yesterday, saying that “virtually all” Facebook.com visitors will have a secure connection, and about 80 percent of visitors to m.facebook.com will, too.
The issue from a marketing angle is that secure connections don’t pass referrer data, unless the site getting traffic is also using a secure connection. (Thus, the ongoing increases in “not provided” referrals from Google search, which have been routed through an https connection for logged in users by default since October 2011.) But Facebook’s announcement yesterday included mention of the company’s plan for “controlling referrer headers.”
Browsers traditionally omit the referrer when navigating from https to http. When you click on an external link, we’d like the destination site to know you came from Facebook while not learning your user id or other sensitive information. On most browsers, we redirect through an http page to accomplish this, but on Google Chrome we can skip this redirect by using their meta referrer feature.
In other words, webmasters and marketers should continue to see Facebook listed as a referrer despite the switch to default secure browsing. And that’s good news all around.