The Dangers of Third Party Scripts

by | July 21, 2014



Web developers don’t like to waste time.


They like to iterate, improve, and move on to the next challenge. Given the enormous range of third party offerings on the market these days, it’s no wonder most websites include a number of third party scripts meant to simplify and improve user experience. In fact, over 50% of all page requests are third-party calls.


Our reliance on third-party scripts


Despite their best intentions, third-party scripts can really slow a website down. They can present unforeseen risks to both your pages and your users in the form of outages, slowdowns, and compromised security. The best example of this is Facebook’s 2012 outage, which slowed down 1000s of retail sites integrated with the social media platform. (Keep in mind that even when they’re up and running, the average Twitter call takes 832ms, the average Facebook call 918ms, and the average Paypal call a staggering 1.788s.)


But beyond the hit your website could suffer from integrating too many third party scripts, there’s an additional, hidden danger most developers may not even know about – the fourth party call. Often, a third-party vendor will sell their implementation as “only one line of code.” But upon implementing that one line of code, a cascade of additional calls, commonly referred to as fourth-party calls, may effectively nerf your site speed.



This was the result of a single third-party call


Identifying dangerous third-party scripts


The only way to effectively use this knowledge and actually pare down your third-party reliance is by auditing your third-party scripts. In other words, web developers should rigorously:


  • identify all third-party scripts
  • know what pages they’re running on
  • find out what best practices each script uses (if any!)
  • read the SLA for each provider (if available)


Another turnkey way to diagnose your website’s optimization pain points (and identify sluggish scripts) is to useĀ waterfall charts. A waterfall chart (like the one above) is a diagram that shows you the series of actions which occur between a user and the server when a call is performed. Everything from HTML to Javascript is laid out so that you can tinker around and optimize accordingly.


The last thing you can do is to test for SPOFs, or single points of failure. Testing for SPOFs used to be an involving, time-consuming process, but recent improvements (like the free SPOF-O-Matic application in the Google Chrome store) have made this type of testing simpler than ever.


There’s no excuse for letting third-party scripts drag down your entire site. Web developers should be actively diagnosing the culprits that are keeping their sites from running the way they could be in order to optimize performance.


At the end of the day, you want third-party scripts to bring more people to your site – not make them turn away.