Re: ... do not click here
That's the problem with the FB (and others) supplied snippit. It tracks using scripts. If you have facebook scripts but not the facebook domains hosting the image etc blocked, then to an extent FB still senses the traffic and maybe even get your browser stats. I'm not sure how much a non-unique URL of an image exposes. Usually "clear" pixels as trackers have a unique per page URL. Also why ALL remote content, not just scripts, but remote images are blocked in my email client. Often email remote images have unique "fake" url suffixes after the / for the main domain to enable per destination delivery verification. Website image trackers are similar.
It's time that the ONLY 3rd part content on a website is a non-unique URL that is only an HTML link, no image loading, script or tracking suffix. It may even be a legal requirement already, even before GDPR in Europe, it's just people like Irish Data Commissioner are "lazy" (Google moves ALL EU T&C to Google Ireland from Google LLC in Jan, yet STILL has no clear opt out and by defaults tracks).
Time to ditch Google API, Google Fonts and Google Analytics etc. All the equivalents can be hosted free on your own server. Stop giving Google a free ride. No Google service is free. Ordinary users pay via their usage.