Facebook - Meta Pixel Consent & Ad Tracking Info

Overview

Facebook (Meta) operates the most widely deployed third-party advertising pixel on the web. The Meta Pixel and its successor, the Conversions API, track page views, product interactions, add-to-cart events, and purchases to power retargeting campaigns and lookalike audience building on Facebook and Instagram. Meta's pixel infrastructure feeds one of the largest advertising targeting platforms in existence, matching browser visitors to Facebook user accounts through deterministic (login-based) and probabilistic signals.

What This Script Does

Meta Pixel Base Code

The Meta Pixel base code is a JavaScript snippet that loads connect.facebook.net/en_US/fbevents.js. On load, it fires a PageView event and reads Meta's third-party cookies (_fbp, _fbc) to identify the visitor. It also reads any first-party cookie set via Pixel advanced matching.

Standard Events

Advertisers instrument their pages with standard event calls: fbq('track', 'Purchase', {...}), fbq('track', 'AddToCart', {...}), fbq('track', 'Lead', {...}). Each event fires a pixel beacon to facebook.com/tr with the event data, the _fbp visitor ID, and optionally hashed personal data via advanced matching.

Advanced Matching

Advanced matching allows the pixel to send hashed (SHA-256) versions of the user's email, phone number, name, and address when they are available on the page (e.g., logged in to an account). Meta uses these hashes to match browser visitors to Facebook accounts with higher precision than cookie-based matching alone.

Cookies Set

_fbp — First-party persistent cookie. Meta's primary browser pixel identifier, set on the advertiser's domain. Stores a unique Facebook visitor ID. Duration: 90 days.
_fbc — First-party persistent cookie. Stores the Facebook click identifier (fbclid) from an ad click URL, used to attribute conversions to specific ad campaigns. Duration: 90 days.
fr — Third-party persistent cookie on facebook.com. Meta's core cross-site tracking cookie used for ad targeting and frequency capping. Duration: 90 days.
datr — Third-party persistent cookie on facebook.com. Browser identifier used by Meta for security and fraud detection. Duration: 2 years.

Domains Contacted

connect.facebook.net — Serves the fbevents.js library.
facebook.com/tr — Pixel event beacon endpoint. All fbq() calls send data here.
graph.facebook.com — Meta's Graph API endpoint for advanced features and server-side Conversions API.

Data Collected Per Interaction

Page URL and referrer for every PageView event
Facebook visitor ID (_fbp)
Facebook click ID from ad URL (fbc parameter)
Event name and properties (purchase value, product IDs, currency, content type)
Hashed email, phone, name, and address via advanced matching when provided
Browser user-agent, screen resolution, and language
IP address (for Conversions API server-side events)
Facebook account identity when the user is simultaneously logged into Facebook

Consent & Compliance

GDPR / ePrivacy: The Meta Pixel has been at the center of major GDPR enforcement in Europe. The Irish DPC fined Meta €1.2 billion in 2023 for unlawful EU-US data transfers. Multiple EU DPAs (Austrian DSB, French CNIL, Italian Garante, Belgian APD) have ruled that use of the Meta Pixel without valid prior consent violates GDPR. The pixel sets both first-party and third-party cookies and transmits data to Meta's US servers. Prior explicit consent is required under GDPR Article 6 and the ePrivacy Directive before fbevents.js loads.

CCPA / CPRA: Meta's pixel constitutes a "sale" and "sharing" of personal information under CPRA when used for behavioral advertising. Operators must include a Do Not Sell or Share opt-out and honor Global Privacy Control (GPC) signals.

EU-US Data Privacy Framework: Meta participates in the EU-US DPF. However, given the scale of EU enforcement against Meta specifically, DPF certification alone may not satisfy some EU DPAs' requirements.

IAB TCF Purposes: Purpose 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. Meta is a registered IAB TCF vendor (Vendor ID 999).

Should You Block This Without Consent?

Yes. The Meta Pixel is among the highest-risk third-party scripts from a GDPR enforcement perspective. Multiple EU DPAs have issued fines and orders specifically targeting the Meta Pixel. It must not load until the user has explicitly accepted marketing cookies. Consent management platforms should block connect.facebook.net until consent is confirmed.

Visit website

Products (7)

Facebook Login

Facebook Login is a Meta OAuth authentication service that allows users to sign in to third-party websites using their Facebook account. Scripts load the Meta SDK, set cross-site session cookies for authentication, and may share login activity data with Meta.

Instagram

Instagram tracking scripts support conversion measurement for Meta advertising campaigns running on Instagram. Scripts fire on advertiser websites to capture click-through and view-through conversions from Instagram ad placements. Collected data flows into Meta Ads Manager for attribution reporting and audience building.

Meta Pixel

Meta Pixel (formerly Facebook Pixel) is a conversion tracking and audience-building tool used by advertisers running campaigns on Facebook and Instagram. Scripts fire events on advertiser websites when users complete actions like purchases or form submissions. Collected data is used for ad targeting, retargeting, and conversion attribution.

Facebook Comments

Facebook Comments is a Meta social plugin that embeds a comment system on external websites. Scripts load the Meta SDK, set Facebook tracking cookies on page load, and send engagement data to Meta regardless of whether visitors interact with the widget.

Facebook Like Button

Facebook Like Button is a Meta social plugin that embeds a like and react button on external websites. Scripts load the Meta SDK and set Facebook tracking cookies on page load regardless of visitor interaction. Browsing data may be shared with Meta for ad targeting purposes.

Facebook Share Button

Facebook Share Button is a Meta social plugin that lets visitors share web content to their Facebook feed. Scripts load the Meta SDK and set cross-site tracking cookies on page load, enabling Meta to track visits and attribute browsing behavior for advertising purposes.

Instagram Feed

Instagram Feed embeds allow websites to display Instagram posts and media galleries. Scripts load Meta's Instagram embed code, set tracking cookies, and send interaction data to Meta. Visitor browser data may be shared with Meta on page load regardless of whether visitors interact with the content.

Consent Categories

Marketing

Analytics

Also Known As

FacebookMeta PixelFacebook PixelMeta advertisingretargeting cookiesFacebook trackingfbq

Industries

Computers Electronics and TechnologySocial Networks and Online Communities

Tracked Domains (3)

facebook.comMarketing

fbcdn.netSocial Media

atdmt.comMarketing

Frequently Asked Questions

Does Facebook (Meta Pixel) require cookie consent?

Yes. The Meta Pixel is marketing. EU DPAs including the Irish DPC, French CNIL, and others have fined Meta and issued orders requiring prior explicit consent before the pixel loads. Do not load fbevents.js without consent.

What cookies does the Meta Pixel set?

_fbp (90-day, first-party visitor ID), _fbc (90-day, ad click attribution), fr (90-day, third-party on facebook.com for ad targeting), and datr (2-year, third-party browser identifier). Scripts contact connect.facebook.net and facebook.com/tr.

How does ConsentStack handle the Meta Pixel?

ConsentStack blocks connect.facebook.net in the marketing consent category. The pixel is withheld until explicit opt-in is granted. On consent, fbevents.js loads and begins tracking page views and conversion events.