So I've spent an hour or so bashing my head on the proverbial brick wall w.r.t. the horrible fb_xd_fragment problem which has the potential to completely screw your stats, search engine standings on account of duplicate problems, and present blank pages to visitors. The problem which appears to have no solution, by the way.
After giving up, I was ever so pleased to stumble across yet another Facebook problem.
Why, oh Facebook, is MSIE 9 showing its annoying "Only secure content is displayed" popup?
On my completely unencrypted http site?
Which has nothing but a single 'like' button embedded on it using the FBML button?
So in Firebug, we can see that a page load of http://www.example.com/ is firing off a handful of requests to resources on https://www.facebook.com/ and https://s-static.ak.facebook.com/ . Cue mixed content warnings from any client like MSIE 9 that cares to present them.
Not logs, G Analytics. With the correct host name and normal user agents. All the URLs definitely redirect correctly if done manually in a browser. Something to do with caching maybe? It's confusing me.