Facebook Like Button

Facebook Like Button

Facebook Like Button is a Meta social plugin that embeds a like and react button on external websites. Scripts load the Meta SDK and set Facebook tracking cookies on page load regardless of visitor interaction. Browsing data may be shared with Meta for ad targeting purposes.

Facebook
Part of Facebook
Back to Vendor Library

Overview

The Facebook Like Button is one of Meta's social plugins — a small interactive widget that allows visitors to "like" a web page and share it to their Facebook feed without leaving the site. Despite its simple appearance, the Like Button loads Meta's full JavaScript SDK and initiates cross-site tracking on every page where it is embedded, regardless of whether the visitor interacts with the button or even has a Facebook account.

What This Script Does

The Facebook Like Button is implemented by loading Meta's JavaScript SDK from connect.facebook.net/en_US/sdk.js and rendering the button via an iframe or the FB.XFBML.parse() method.

Script Loading and Network Requests

When a page containing the Like Button loads, the following occurs immediately — before any visitor interaction:

  • The sdk.js script is fetched from connect.facebook.net, establishing a connection to Meta's servers
  • The SDK initializes with the site's Facebook App ID and sends a request to www.facebook.com to render the Like Button iframe
  • Additional requests to www.facebook.com/plugins/like.php load the button UI and retrieve the current like count for the page

Cookies

The SDK sets and reads several cookies on the .facebook.com domain:

  • _fbp — a first-party cookie set on the host website's domain (when the Meta Pixel is also present) that contains a unique browser identifier. Lifespan: 90 days. Used for advertising attribution and cross-site tracking.
  • datr — a .facebook.com cookie that identifies the browser for security and integrity purposes. Lifespan: 2 years.
  • fr — a .facebook.com cookie used for delivering and measuring the relevance of advertising. Lifespan: 90 days.
  • sb — a .facebook.com cookie used for browser identification. Lifespan: 2 years.

For visitors who are logged into Facebook, the SDK reads their existing Facebook session cookies, enabling Meta to associate the page visit with their Facebook profile. For logged-out visitors, Meta still receives the page URL, referrer, browser fingerprint data, and the datr cookie, which allows cross-site tracking across any website that embeds Meta social plugins.

Data Transmitted to Meta

On every page load where the Like Button is present, Meta receives:

  • The full URL of the page being visited
  • The referring URL
  • The visitor's IP address
  • Browser user agent and screen resolution
  • Any existing Facebook cookies (linking the visit to a Facebook profile for logged-in users)
  • Timestamp of the visit

This data feeds into Meta's advertising platform for interest-based ad targeting, regardless of whether the visitor clicks the Like Button.

Consent & Compliance

The Facebook Like Button is classified under both marketing and functional categories. While the button provides a functional social sharing feature, its primary impact is marketing: it enables Meta's cross-site tracking and advertising data collection on every page load.

Under GDPR and ePrivacy, the Like Button requires explicit prior consent before loading. The Court of Justice of the European Union (CJEU) ruled in the Fashion ID case (C-40/17, July 2019) that website operators who embed the Facebook Like Button are joint data controllers with Meta for the data collection and transmission that occurs when the plugin loads. This means the site operator shares responsibility for obtaining valid consent before the SDK script is loaded.

The ePrivacy Directive requires consent for any non-essential cookie access or data transmission from the visitor's device. Since the Like Button transmits browsing data to Meta on page load for advertising purposes, it clearly falls outside the strictly necessary exemption.

Under CCPA/CPRA, the data transmitted to Meta through the Like Button constitutes "sharing" of personal information with a third party for cross-context behavioral advertising. A "Do Not Sell or Share My Personal Information" link is required, and the Like Button should not load for visitors who have opted out.

Should You Block This Without Consent?

Yes. The Facebook Like Button loads Meta's tracking infrastructure on every page view, transmitting visitor data to Meta for advertising purposes regardless of visitor interaction. Under EU law (including the CJEU Fashion ID ruling), you are a joint controller with Meta for this data collection and must obtain consent before the SDK loads. Block the connect.facebook.net script entirely until consent is granted.

Visit website

Consent Categories

Marketing
Functional

Also Known As

facebook like button trackingmeta like widget cookiesfacebook social plugin privacyfb like button consentfacebook like embed

Industries

Computers Electronics and TechnologySocial Networks and Online Communities

Frequently Asked Questions

Does the Facebook Like Button require cookie consent?

Yes. The Facebook Like Button is classified under marketing and functional. Under the CJEU Fashion ID ruling, embedding it makes you a joint data controller with Meta for data collected on page load. The SDK transmits visitor data to Meta for ad targeting before any interaction, requiring explicit prior consent.

What does the Facebook Like Button track?

On every page load, the Like Button SDK sends the full page URL, referrer, IP address, and browser metadata to Meta via connect.facebook.net. It sets datr (2 years) and fr (90 days) cookies on facebook.com for cross-site tracking. For logged-in users, Meta associates the visit with their Facebook profile.

How does ConsentStack handle the Facebook Like Button?

ConsentStack blocks connect.facebook.net from loading until marketing consent is granted. This prevents all data transmission to Meta on page load. ConsentStack applies the CJEU Fashion ID joint controller standard, treating the Like Button as a marketing tracker that cannot fire without explicit visitor consent.

Other Facebook Products

Facebook Login
Facebook Login
Facebook Login is a Meta OAuth authentication service that allows users to sign in to third-party websites using their Facebook account. Scripts load the Meta SDK, set cross-site session cookies for authentication, and may share login activity data with Meta.
Instagram
Instagram
Instagram tracking scripts support conversion measurement for Meta advertising campaigns running on Instagram. Scripts fire on advertiser websites to capture click-through and view-through conversions from Instagram ad placements. Collected data flows into Meta Ads Manager for attribution reporting and audience building.
Meta Pixel
Meta Pixel
Meta Pixel (formerly Facebook Pixel) is a conversion tracking and audience-building tool used by advertisers running campaigns on Facebook and Instagram. Scripts fire events on advertiser websites when users complete actions like purchases or form submissions. Collected data is used for ad targeting, retargeting, and conversion attribution.
Facebook Comments
Facebook Comments
Facebook Comments is a Meta social plugin that embeds a comment system on external websites. Scripts load the Meta SDK, set Facebook tracking cookies on page load, and send engagement data to Meta regardless of whether visitors interact with the widget.
Facebook Share Button
Facebook Share Button
Facebook Share Button is a Meta social plugin that lets visitors share web content to their Facebook feed. Scripts load the Meta SDK and set cross-site tracking cookies on page load, enabling Meta to track visits and attribute browsing behavior for advertising purposes.
Instagram Feed
Instagram Feed
Instagram Feed embeds allow websites to display Instagram posts and media galleries. Scripts load Meta's Instagram embed code, set tracking cookies, and send interaction data to Meta. Visitor browser data may be shared with Meta on page load regardless of whether visitors interact with the content.

Related Vendors

Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag is the Universal Event Tracking pixel for Microsoft's ad platform, formerly Bing Ads. The JavaScript tag fires on advertiser websites to track page views, conversions, and custom events for campaign optimization. Sets cookies to identify visitors across sessions and attribute conversions to Microsoft Search and Audience Network ad clicks.
LinkedIn Ads
LinkedIn Ads
LinkedIn Ads is LinkedIn's advertising platform for B2B marketing and professional audience targeting. Conversion tracking scripts and pixels fire on advertiser websites to measure sign-ups, downloads, and purchases driven by LinkedIn ad campaigns. Sets cookies for audience matching, retargeting list building, and cross-device attribution reporting.

Manage consent for Facebook Like Button

ConsentStack automatically detects and manages Facebook Like Button trackers so your site stays compliant with global privacy regulations.

Get started