Since October 2018, a new parameter known as fbclid has been appearing in many outgoing links on Facebook.
Have you ever noticed something strange in the URL when sharing or clicking on links from Instagram or Facebook? It’s the “?igsh” or “?fbclid” parameter, which is usually included directly in the URL when shared or clicked.
When you share or click a link on Facebook or Instagram, you may notice additional characters at the end of the URL. For example, if you look at this URL example.com/article, you might see a URL like this:
example.com/article?fbclid=IwAR0xyz...Or on Instagram:
example.com/page?igsh=MzRlODBiNWFlZA==These extra strings are called URL parameters. The most common ones are fbclid (Facebook Click Identifier) and igsh (Instagram Share Identifier). For many users, these random-looking codes raise questions:
- Are they tracking me?
- Can they compromise my privacy?
- Should I remove them before sharing links?
In this article, we’ll break down what Facebook and Instagram parameters are, how they work, whether they are harmful, and what you can do to protect your privacy online.
What Are Facebook and Instagram URL Parameters?
Facebook: fbclid
fbclid stands for Facebook Click Identifier. It is automatically added to links clicked from Facebook. When you click a post, ad, or story that leads to an external website, Facebook attaches this unique string to the URL.
- To help advertisers and website owners track where their traffic comes from.
- To measure the effectiveness of ads, campaigns, or posts.
- To distinguish one click from another for analytics purposes.
Instagram: igsh
igsh stands for Instagram Share Identifier. It appears when users copy or share links from Instagram.
- To maintain link tracking when users share content.
- To provide Instagram with insights into user behavior and sharing patterns.
- Sometimes, to ensure that links open correctly inside the Instagram app or browser.
In short, these parameters are tracking codes. They don’t change the actual page content, but they help Facebook and Instagram record and analyze user activity.
Are These Parameters Dangerous?
Facebook (fbclid) and Instagram (igsh) parameters are not malicious in the sense of malware or viruses. They will not directly damage your device or steal your data.
It’s a tracking tool. Its purpose is to collect data about how and when you click on links, which is then used by Meta (Facebook & Instagram) and advertisers for analytics and targeted advertising.
From a Security Perspective
Safe: Parameters like fbclid and igsh themselves are not malicious. They don’t contain viruses, malware, or executable code. Clicking a link with these parameters won’t hack your device.
Just Data: They are simply unique identifiers that tell Facebook/Instagram when and where a click happened.
From a Privacy Perspective
Tracking Concerns: While not directly harmful, these parameters do allow Meta and third parties to track you more precisely.
Data Profiling: Over time, these small pieces of data contribute to your online profile — what you click, what you buy, and how you behave.
Cross-Platform Linking: Combined with cookies, pixels, and device IDs, parameters can help advertisers follow you across websites and apps.
While parameters like fbclid (Facebook Click Identifier) and igsh (Instagram Share Identifier) don’t pose a technical danger, they won’t install malware, harm your phone, or hack your computer, but they do impact your digital privacy. Remove fbclid from your URLs?
In other words, these parameters are part of a larger tracking ecosystem. They aren’t harmful on their own, but when combined with cookies, device IDs, and ad pixels, they help advertisers and platforms build a very detailed picture of your behavior.