In this article, we will show you how to secure your Facebook pixel from being used by unfamiliar website domains. As you may know, when you add your pixel to your website, your pixel ID is publicly visible. This means that anyone could find your pixel ID, add it to the pixel base code and put it on their own website. If this happens you usually get a notification that your pixel is being used on new domains.

How to secure your Facebook pixel

1. To make sure that only your website sends Facebook events through your pixel, go to https://business.facebook.com/. If you have multiple business accounts select the one that is applicable for your Facebook pixel.

2. When you select it, go to the Events Manager section.

3. Then select the appropriate Facebook pixel ID. Make sure that this is the accurate one because you might have several pixels. The small red triangle indicates that there is a problem with the pixel. From Diagnostics, you can see that your pixel recently has started sending events from another domain

4. To prevent that you have to set pixel traffic dimensions. Go to Settings, scroll down to the very bottom of the page where you will find Traffic Permissions. From this section, you can create traffic allow list. 


This feature in the Events manager enables you to create an allow list or a block list to control if domains are allowed to send events through your Facebook pixel. You can create either an allow list or a block list in the Traffic Permissions setting but not both. Facebook advises using an allow list because it provides more control over your pixel traffic than a blocked list. 


5. Tab the button Create allow list. In the window that opens you should enter the domain, you want to add to your list and click Next or select specific domains from the Top Domain Traffic table. Make sure that you have selected all the domains and subdomains in order to eliminate all the traffic you are not interested in measuring the events.

When you are ready click on the Confirm button to affirm your selection then click on the Close button.


Creating this list of allowed domains means you won't receive traffic and event data from all domains that are not on your allow list and that have this pixel installed.


That's all you need to do to secure Facebook pixel from being used from other domains.