While implementing third-party resources has downsides for performance and you should self-host your assets when possible, sometimes relying on external files is unavoidable. But be warned — using them can sometimes cause real headaches.

Third-party scripts, or "tags" can be a source of performance problems on your site, and therefore a target for optimization. However, before you start optimizing the tags you have added, make sure that you are not optimizing tags you don't even need. This article shows you how to assess requests for new tags, and manage and review existing ones.

This post covers some of the performance issues related to consent banners, how I bypass the banners, and my approach to working out which cookies or localStorage items I need to set to bypass them.

Si vous voulez auto-héberger des ressources tierces, voici quelques astuces :

• Auto-hébergez vos bibliothèques JS, polices et CSS critiques. Cela réduira le risque de SPOF ou de dégradation des performances sur le chemin critique.
• Avant de mettre en cache une ressource tierce sur un CDN, assurez-vous qu'elle est versionnée ou que vous pouvez gérer son cycle de vie en vidant manuellement ou même automatiquement le CDN lorsqu'une nouvelle version est publiée.
• Vérifiez votre configuration CDN / proxy / cache pour éviter d'envoyer des cookies de votre domaine et des Clients-Hints à des services tiers.

Utilisation d'un reverse proxy pour optimiser la délivrance des JS tiers.

If you do find yourself in a position where your site’s initial rendering depends on a third-party script, refer to your mitigation plan to see what you can do to eliminate or ameliorate your dependence on it. Depending on a third party for core functionality is never a good position to be in, as you’re relinquishing a lot of control to others who might not have your best interests in mind.

Average cost, total impact and popularity of the main third parties.

To make this risk-score system work accurately, website administrators are supposed to embed reCaptcha v3 code on all of the pages of their website, not just on forms or log-in pages. Then, reCaptcha learns over time how their website’s users typically act, helping the machine learning algorithm underlying it to generate more accurate risk scores. Because reCaptcha v3 is likely to be on every page of a website,  if you’re signed into your Google account there’s a chance Google is getting data about every single webpage you go to that is embedded with reCaptcha v3—and there many be no visual indication on the site that it’s happening, beyond a small reCaptcha logo hidden in the corner.

In this talk, we’ll take a look at unruly or uninvited (third-)party guests: how to detect them, how to audit them, and how to manage them. We’ll also look at the different tools available to help us stress-test and quantify the overhead these third parties bring, and what that means for users and businesses alike.

Improving third-party web performance at The Telegraph

"Third-party scripts are probably the #1 cause of poor performance and bad UX on the web. It's no wonder things like AMP exist. The fact that it disallows third-party scripts is probably the largest contributor to it making sites fast. Controversial as hell, though, in its other choices."