Third-Party Script Governance

01 — Purpose

Tags accumulate: analytics, ads, chat, A/B testing, heatmaps. Each has an owner somewhere in marketing or product — but rarely a performance owner. Governance keeps the script list intentional, measured, and removable.

See third-party performance and third-party embeds.

02 — Principles

regular auditing — inventory every script, who added it, and why
performance monitoring — measure CWV before and after each addition
ownership tracking — named team accountable for each vendor
necessity review — remove what no longer earns its cost

03 — Practice

maintain a script register — URL, purpose, owner, date added, removal criteria
require approval before new tags — performance and privacy sign-off
quarterly cleanup — remove abandoned, duplicate, or unused vendors
correlate deploys with error and CWV spikes — see frontend observability workflows
enforce budgets — see performance budgets for third-party weight limits

04 — Avoid

abandoned scripts — vendor replaced but old tag still firing
duplicate tooling — two analytics platforms, three heatmap tools
uncontrolled tracking growth — every campaign adds pixels without review
no rollback plan when a vendor script breaks checkout
governance docs nobody updates — register out of date on day one

05 — Close

Schedule a quarterly third-party review. Measure page weight and INP with tags on vs off. Kill scripts that cannot justify their metrics impact.

See third-party performance, frontend observability, and frontend security checklist.

Govern external scripts actively

Third-party scripts require active governance

Good governance workflow

Uncontrolled script growth

If it is not owned, remove it