Skip to main content Accessibility Feedback

Third-party scripts were a mistake

I don’t think I’ve ever read anything from Jeremy Keith that I’ve disagreed with, but this article on CSS-Tricks from back in December really hits hard…

I’d like to tell you something not to do to make your website better. Don’t add any third-party scripts to your site.

That may sound extreme, but at one time it would’ve been common sense. On today’s modern web it sounds like advice from a tinfoil-hat-wearing conspiracy nut. But just because I’m paranoid doesn’t mean they’re not out to get your user’s data.

All I’m asking is that we treat third-party scripts like third-party cookies. They were a mistake.

Why, you may ask?

When you add any third-party file to your website—an image, a stylesheet, a font—it’s a potential vector for tracking. But third-party JavaScript files go one further. They can execute arbitrary code.

You can read the full article here.