Third-Party Scripts
Last updated:
Third-party scripts affect performance, privacy, and reliability — audit impact and govern what stays.
01 — Purpose
External scripts, your user experience
Third-party scripts affect performance, privacy, and reliability — audit impact and govern what stays on the page.
Analytics, chat widgets, A/B tools, ad tags, and social embeds run in your origin’s context. Their bytes, blocking behaviour, and layout impact are yours to manage — even when you did not write the code.
See third-party embeds and JavaScript cost.
02 — Impact
Measure before you keep
Render blocking, payload size, layout shifts, and main-thread work from observers.
- record baseline LCP, INP, and bundle weight before adding a vendor
- load tags async or defer — avoid render-blocking third-party JS in
head - reserve space for embeds and ad slots — prevent CLS when content injects
- one analytics stack — not three competing trackers
03 — Governance
Own the script list
Tags accumulate unless someone reviews them quarterly.
- document owner, purpose, and removal criteria for each script
- quarterly review — measure page weight and INP after each change
- tag managers are not an excuse to add everything — discipline still applies
- align with performance budgets and frontend observability
04 — Avoid
Third-party debt
Scripts accumulate silently until pages feel sluggish for everyone.
- render-blocking analytics or chat in the critical path
- adding vendors without measuring field impact
- duplicate heatmaps, chat, and attribution pixels nobody maintains
05 — Close
Your page, your budget
Treat third-party scripts like first-party code in review.
If the cost is too high, negotiate async loading, remove duplicates, or link instead of embed.