Note: The ultimate pro tip for managing third-party scripts is, of course, Akamai Script Management.
A typical web page today can contain upwards of 75 third-party scripts, such as ads and analytics beacons. If you care about web performance, these scripts can be the bane of your existence. But third parties aren’t going away. They add value to site owners by generating revenue (ads), increasing conversions (targeting beacons), and helping you understand your users in unprecedented ways (analytics tags).
The best thing you can do is take a strong proactive approach to mitigate any potential performance damage your third parties may generate.
Last month, I was invited to speak at WebPerfDays Amsterdam. I stayed for the breakout sessions, and I’m glad I did. One of the sessions focused on managing third-party performance, where pros like Andy Davies and Perry Dyball shared some best practices that were too good not to pass along.
Before you deploy a new third-party script…
1. Calculate its ROI
Perform an A/B test of your pages, with and without the script. Use a synthetic measurement tool, such as WebPagetest, to generate waterfall charts for both versions, and identify how long the third-party scripts take to load. Note these benchmarks.
From the third-party vendor, get the number for the average conversion rate increase experienced by other sites that use the tool. Using Aberdeen’s widely accepted performance stat that a 1-second page delay equals a 7% loss in conversions, calculate the potential net conversion gain or loss. For example, if a tool slows down page load by 2 seconds, that means a 14% conversion loss. But if that same tool promises a 20% conversion increase, then that’s a net gain of 6% (not including the cost of purchasing the tool).
Use this ROI calculation to determine if a specific script ultimately helps your business.
2. Check where third parties are being served from
If most of your visitors are in the UK, but your third-party script is hosted in the US, that could incur a hefty latency delay. Talk to your third-party provider about using a content delivery network (CDN) to cache third-party assets closer to your users.
3a. Design and implement with failure in mind
There’s no such thing as 100% uptime. Everyone has bad days, and third party scripts are no exception. What will happen to your pages if a given script goes down? You can easily simulate this in WebPagetest under the “SPOF” tab in the advanced settings:
You need to factor this into design and implementation. Will you serve third party scripts asynchronously? Or alternatively, serve them in a non-blocking fashion? If that’s not an option, as in the case of some analytics tags or ad scripts, then will you set timers on your scripts to allow for a set waiting time before the script times out and the rest of the page can resume loading?
3b. Enable cache timeouts
(Hat tip to Philip Tellis for suggesting this new tip.) Many third-party scripts disable script caching or have very short timeouts (less than an hour). These scripts should have timeouts that span multiple days. This way they can weather spot sales, marketing campaigns, and other traffic spikes.
After you’ve added the script…
4. Measure its impact on performance and your business
This is an evolutionary leap from tip #1 of this post. Instead of using synthetic measurement tools, use your own user data (via real user monitoring tools) to measure the actual impact of third-party tools on your business. This lets you do several great things simultaneously, such as:
- Determine if the third-party scripts are slowing down your pages.
- If the script is slowing down your pages, determine if this slowdown is hurting metrics like bounce rate, time on site, and conversion rate.
- Regardless of whether or not the third-party script is slowing down your pages, gauge the impact of the script on business metrics, as above.
5. Generate a request map that exposes fourth-party (and fifth-party, and so on) calls
Use a third-party analysis tool to generate a request map and expose extended calls. For example, this request map, generated using Ghostery, illustrates long redirect chains triggered by third-party calls on Monster.com. I looked at the waterfall that this map is based on, and I counted 40+ calls in just one chain — possibly the longest redirect chain I’ve ever seen. (If you’ve seen longer, let me know. I’d love to see it.)
Whether a third-party script triggers a fourth-party call or a fortieth-party call, that call doesn’t just introduce additional latency. It also has the potential to hurt your business — and your users — in other ways:
- Exposes you to data leakage
- Generates content security warnings that alarm your visitors and kill your conversions
- Hurts your Google search rankings (SEO)
- Makes your site vulnerable to man-in-the-middle security attacks
6. Detect when your third-party scripts change
Most third-party vendors will go into lockdown along with you during the holidays, but your vendors might not be aware of your special events. They might plan changes that could have an impact on your site.
To illustrate: One year, during Nordstrom’s anniversary sale, Gopal’s team realized that their order management system wasn’t processing orders anymore. After much digging, they discovered that the vendor they used for fraud checks had implemented a change to the service just hours before the start of the sale — and this change was blocking all orders. Now Nordstrom lets all vendors know about its anniversary sale well in advance.
7. Give feedback to third-party providers
I’ve been a longtime advocate of this practice. Sometimes third-party vendors don’t know their script is suffering from performance problems. Letting them know is the right thing to do.
Cheats and workarounds
8. Cache social media metrics to simulate social numbers without sacrificing performance
This is a nifty little hack. If social metrics are a must-have on your pages, but you don’t like the performance penalty/risk they can incur, one person in the WebPerfDays breakout session offered this tip. You simply update your metrics periodically or during off-peak times instead of in real time.
9. Instead of using third-party analytics, do your own A/B performance testing server-side
Not everyone has the means to take this on, but if you can, this is a great suggestion.
10. Disable the scripts during peak traffic times
One breakout participant shared that his team simply disabled problematic scripts during known busy times. This one was a bit controversial (no surprise). For example, if the purpose of your script is to give you insights into your customers, then disabling it when many of your customers are visiting your site is obviously not good. Ultimately, WebPerfDays attendees tended to agree that this tactic is okay in an emergency, but not great as standard practice.