Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
third-party-web
Advanced tools
Data on third party entities and their impact on the web.
This document is a summary of which third party scripts are most responsible for excessive JavaScript execution on the web today.
HTTP Archive is an inititiave that tracks how the web is built. Every month, ~4 million sites are crawled with Lighthouse on mobile. Lighthouse breaks down the total script execution time of each page and attributes the execution to a URL. Using BigQuery, this project aggregates the script execution to the origin-level and assigns each origin to the responsible entity.
The entity classification data is available as an NPM module.
const {getEntity} = require('third-party-web')
const entity = getEntity('https://d36mpcpuzc4ztk.cloudfront.net/js/visitor.js')
console.log(entity)
// {
// "name": "Freshdesk",
// "homepage": "https://freshdesk.com/",
// "categories": ["customer-success"],
// "domains": ["d36mpcpuzc4ztk.cloudfront.net"]
// }
Due to a change in HTTPArchive measurement which temporarily disabled site-isolation (out-of-process iframes), all of the third-parties whose work previously took place off the main-thread are now counted on the main thread (and thus appear in our stats). This is most evident in the change to Google-owned properties such as YouTube and Doubleclick whose complete cost are now captured.
A shortcoming of the attribution approach has been fixed. Total usage is now reported based on the number of pages in the dataset that use the third-party, not the number of scripts. Correspondingly, all average impact times are now reported per page rather than per script. Previously, a third party could appear to have a lower impact or be more popular simply by splitting their work across multiple files.
Third-parties that performed most of their work from a single script should see little to no impact from this change, but some entities have seen significant ranking movement. Hosting providers that host entire pages are, understandably, the most affected.
Some notable changes below:
Third-Party | Previously (per-script) | Now (per-page) |
---|---|---|
Beeketing | 137 ms | 465 ms |
Sumo | 263 ms | 798 ms |
Tumblr | 324 ms | 1499 ms |
Yandex APIs | 393 ms | 1231 ms |
Google Ads | 402 ms | 1285 ms |
Wix | 972 ms | 5393 ms |
Google Ads clarified that www.googletagservices.com
serves more ad scripts than generic tag management, and it has been reclassified accordingly. This has dropped the overall Tag Management share considerably back down to its earlier position.
Almost 2,000 entities tracked now across ~3,000+ domains! Huge props to @simonhearne for making this massive increase possible. Tag Managers have now been split out into their own category since they represented such a large percentage of the "Mixed / Other" category.
Huge props to WordAds for reducing their impact from ~2.5s to ~200ms on average! A few entities are showing considerably less data this cycle (Media Math, Crazy Egg, DoubleVerify, Bootstrap CDN). Perhaps they've added new CDNs/hostnames that we haven't identified or the basket of sites in HTTPArchive has shifted away from their usage.
Across top ~4 million sites, ~2700 origins account for ~57% of all script execution time with the top 50 entities already accounting for ~47%. Third party script execution is the majority chunk of the web today, and it's important to make informed choices.
Each entity has a number of data points available.
This section breaks down third parties by category. The third parties in each category are ranked from first to last based on the average impact of their scripts. Perhaps the most important comparisons lie here. You always need to pick an analytics provider, but at least you can pick the most well-behaved analytics provider.
Unsurprisingly, ads account for the largest identifiable chunk of third party script execution.
These scripts are part of advertising networks, either serving or measuring.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Bidswitch | 2,969 | 6 ms |
2 | ContextWeb | 4,743 | 6 ms |
3 | DeepIntent | 7,406 | 7 ms |
4 | Beachfront Media | 2,012 | 9 ms |
5 | RTB House AdPilot | 1,533 | 11 ms |
6 | OneTag | 8,364 | 16 ms |
7 | TripleLift | 4,566 | 21 ms |
8 | 33 Across | 7,950 | 21 ms |
9 | Sharethrough | 4,238 | 25 ms |
10 | Constant Contact | 9,430 | 26 ms |
11 | Yieldmo | 2,067 | 28 ms |
12 | Tribal Fusion | 9,670 | 34 ms |
13 | AppNexus | 57,074 | 40 ms |
14 | Reklama | 2,448 | 41 ms |
15 | SiteScout | 2,998 | 42 ms |
16 | Quora Ads | 1,895 | 43 ms |
17 | StackAdapt | 3,254 | 45 ms |
18 | Sonobi | 3,294 | 49 ms |
19 | bRealTime | 1,602 | 51 ms |
20 | District M | 20,086 | 55 ms |
21 | OpenX | 14,601 | 56 ms |
22 | GumGum | 23,926 | 58 ms |
23 | Nend | 5,345 | 60 ms |
24 | The Trade Desk | 12,628 | 63 ms |
25 | BlueCava | 5,566 | 64 ms |
26 | Twitter Online Conversion Tracking | 2,759 | 66 ms |
27 | MailMunch | 1,560 | 66 ms |
28 | F@N Communications | 1,660 | 72 ms |
29 | Affiliate Window | 2,777 | 80 ms |
30 | Intercept Interactive | 2,401 | 81 ms |
31 | Scorecard Research | 2,552 | 82 ms |
32 | Drip | 1,479 | 83 ms |
33 | Branch Metrics | 3,396 | 84 ms |
34 | Media Math | 3,122 | 84 ms |
35 | Gemius | 19,944 | 89 ms |
36 | Between Digital | 3,938 | 98 ms |
37 | Tynt | 83,849 | 99 ms |
38 | DTSCOUT | 20,795 | 100 ms |
39 | ExoClick | 2,089 | 102 ms |
40 | OwnerIQ | 2,149 | 107 ms |
41 | i-mobile | 12,272 | 107 ms |
42 | IPONWEB | 3,993 | 108 ms |
43 | Index Exchange | 38,860 | 109 ms |
44 | Adform | 14,807 | 112 ms |
45 | BlueKai | 84,454 | 118 ms |
46 | Tail Target | 2,132 | 120 ms |
47 | FreakOut | 2,835 | 121 ms |
48 | Salesforce.com | 2,605 | 130 ms |
49 | Unbounce | 7,771 | 131 ms |
50 | PushCrew | 1,725 | 138 ms |
51 | Amazon Ads | 67,934 | 139 ms |
52 | LINE Corporation | 13,207 | 140 ms |
53 | Yahoo! | 6,535 | 145 ms |
54 | Bing Ads | 32,273 | 148 ms |
55 | Adscale | 1,432 | 149 ms |
56 | LinkedIn Ads | 4,893 | 161 ms |
57 | Rubicon Project | 131,432 | 166 ms |
58 | Smart AdServer | 8,263 | 174 ms |
59 | STINGRAY | 2,526 | 188 ms |
60 | TrafficStars | 6,169 | 192 ms |
61 | AudienceSearch | 23,576 | 194 ms |
62 | JuicyAds | 2,770 | 210 ms |
63 | Outbrain | 5,223 | 223 ms |
64 | Teads | 3,888 | 223 ms |
65 | VigLink | 37,492 | 240 ms |
66 | Criteo | 114,128 | 244 ms |
67 | Supership | 9,293 | 251 ms |
68 | Crowd Control | 44,477 | 260 ms |
69 | Nativo | 1,524 | 262 ms |
70 | fluct | 5,201 | 263 ms |
71 | Skimbit | 38,143 | 267 ms |
72 | Yandex Ads | 23,603 | 286 ms |
73 | Geniee | 7,516 | 313 ms |
74 | Adroll | 24,690 | 327 ms |
75 | Bizible | 1,656 | 339 ms |
76 | sovrn | 4,246 | 342 ms |
77 | Yahoo! JAPAN Ads | 13,494 | 379 ms |
78 | WordAds | 39,511 | 388 ms |
79 | Mediavine | 8,321 | 403 ms |
80 | Privy | 16,998 | 428 ms |
81 | JustUno | 2,258 | 489 ms |
82 | Cxense | 5,082 | 494 ms |
83 | Taboola | 32,046 | 496 ms |
84 | Pubmatic | 139,231 | 534 ms |
85 | Media.net | 49,448 | 544 ms |
86 | Klaviyo | 67,488 | 587 ms |
87 | Refersion | 3,004 | 608 ms |
88 | LoyaltyLion | 3,441 | 678 ms |
89 | Attentive | 6,245 | 690 ms |
90 | Permutive | 1,686 | 716 ms |
91 | LongTail Ad Solutions | 5,040 | 750 ms |
92 | Sortable | 1,911 | 944 ms |
93 | Moat | 7,308 | 1164 ms |
94 | Infolinks | 4,012 | 1261 ms |
95 | DoubleVerify | 1,411 | 1336 ms |
96 | MGID | 12,030 | 1431 ms |
97 | Integral Ad Science | 4,567 | 1797 ms |
98 | Sizmek | 5,005 | 2013 ms |
99 | Google/Doubleclick Ads | 972,081 | 2028 ms |
100 | Bridgewell DSP | 12,562 | 3051 ms |
These scripts measure or track users and their actions. There's a wide range in impact here depending on what's being tracked.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Sailthru | 2,817 | 55 ms |
2 | StatCounter | 36,804 | 73 ms |
3 | Alexa | 2,327 | 76 ms |
4 | Mouseflow | 2,023 | 76 ms |
5 | Brandmetrics | 2,193 | 76 ms |
6 | Treasure Data | 8,936 | 76 ms |
7 | Roxr Software | 6,861 | 76 ms |
8 | Conversant | 2,631 | 77 ms |
9 | WordPress Site Stats | 18,696 | 82 ms |
10 | Crazy Egg | 19,934 | 89 ms |
11 | LiveRamp IdentityLink | 20,910 | 93 ms |
12 | IBM Acoustic Campaign | 1,036 | 95 ms |
13 | Fastly Insights | 6,659 | 98 ms |
14 | Quantcast | 60,814 | 99 ms |
15 | Amplitude Mobile Analytics | 7,960 | 109 ms |
16 | Google Analytics | 4,308,304 | 113 ms |
17 | Mixpanel | 12,256 | 117 ms |
18 | Stamped.io | 6,289 | 117 ms |
19 | Snowplow | 14,783 | 120 ms |
20 | CleverTap | 1,265 | 127 ms |
21 | Searchanise | 6,478 | 135 ms |
22 | Chartbeat | 6,693 | 147 ms |
23 | Heap | 6,385 | 153 ms |
24 | etracker | 2,728 | 156 ms |
25 | Qualtrics | 3,031 | 163 ms |
26 | CallRail | 12,654 | 164 ms |
27 | Smart Insight Tracking | 1,927 | 180 ms |
28 | Marchex | 5,557 | 180 ms |
29 | Matomo | 1,632 | 182 ms |
30 | Braze | 1,212 | 192 ms |
31 | Trust Pilot | 26,742 | 207 ms |
32 | Google Optimize | 26,875 | 218 ms |
33 | Reviews.io | 1,107 | 218 ms |
34 | Reviews.co.uk | 1,938 | 228 ms |
35 | Parse.ly | 2,994 | 259 ms |
36 | Baidu Analytics | 21,089 | 269 ms |
37 | Marketo | 1,369 | 289 ms |
38 | Net Reviews | 3,905 | 292 ms |
39 | PageSense | 2,438 | 307 ms |
40 | Pendo | 2,347 | 310 ms |
41 | mPulse | 21,908 | 311 ms |
42 | Evidon | 4,224 | 313 ms |
43 | Usabilla | 1,347 | 320 ms |
44 | TruConversion | 1,069 | 338 ms |
45 | VWO | 6,718 | 341 ms |
46 | BowNow | 1,224 | 365 ms |
47 | Convert Insights | 1,586 | 379 ms |
48 | Segment | 15,140 | 426 ms |
49 | Hotjar | 259,015 | 438 ms |
50 | Clerk.io ApS | 1,623 | 472 ms |
51 | Bazaarvoice | 2,523 | 509 ms |
52 | Nielsen NetRatings SiteCensus | 18,498 | 514 ms |
53 | FullStory | 8,318 | 526 ms |
54 | Kampyle | 1,054 | 541 ms |
55 | Snapchat | 28,791 | 554 ms |
56 | ContentSquare | 2,134 | 559 ms |
57 | Nosto | 1,484 | 594 ms |
58 | TrackJS | 1,601 | 719 ms |
59 | Optimizely | 27,437 | 746 ms |
60 | Feefo.com | 1,929 | 756 ms |
61 | PowerReviews | 1,313 | 825 ms |
62 | BounceX | 1,646 | 905 ms |
63 | Gigya | 2,303 | 929 ms |
64 | Salesforce | 7,204 | 947 ms |
65 | Revolver Maps | 1,681 | 999 ms |
66 | Lucky Orange | 11,842 | 1010 ms |
67 | Yandex Metrica | 372,651 | 1010 ms |
68 | SessionCam | 1,249 | 1025 ms |
69 | Inspectlet | 5,089 | 1111 ms |
70 | Dynatrace | 1,017 | 1197 ms |
71 | KARTE | 1,359 | 1250 ms |
72 | AB Tasty | 3,772 | 1340 ms |
73 | Histats | 18,722 | 1874 ms |
74 | Ezoic | 2,122 | 2078 ms |
These scripts enable social features.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | AddToAny | 42,529 | 80 ms |
2 | 124,652 | 103 ms | |
3 | Shareaholic | 1,021 | 108 ms |
4 | 1,166 | 147 ms | |
5 | 14,592 | 221 ms | |
6 | 2,084,243 | 255 ms | |
7 | TikTok | 66,563 | 308 ms |
8 | AddShoppers | 1,547 | 313 ms |
9 | ShareThis | 104,092 | 315 ms |
10 | 286,904 | 343 ms | |
11 | Kakao | 28,534 | 396 ms |
12 | 6,010 | 828 ms | |
13 | AddThis | 119,408 | 974 ms |
14 | SocialShopWave | 3,403 | 1451 ms |
15 | VK | 40,210 | 1473 ms |
16 | PIXNET | 15,332 | 2110 ms |
17 | Tumblr | 14,801 | 2418 ms |
18 | LiveJournal | 4,814 | 2939 ms |
These scripts enable video player and streaming functionality.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Twitch | 1,019 | 56 ms |
2 | Vimeo | 55,804 | 356 ms |
3 | Brightcove | 12,697 | 1261 ms |
4 | Wistia | 15,065 | 2276 ms |
5 | YouTube | 559,091 | 3195 ms |
These scripts are developer utilities (API clients, site monitoring, fraud detection, etc).
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Accessibe | 4,829 | 73 ms |
2 | Siteimprove | 5,272 | 80 ms |
3 | Seznam | 14,432 | 82 ms |
4 | iovation | 1,869 | 100 ms |
5 | Cloudflare | 78,437 | 107 ms |
6 | New Relic | 97,453 | 114 ms |
7 | iubenda | 34,029 | 120 ms |
8 | Key CDN | 3,497 | 125 ms |
9 | Klevu Search | 1,402 | 137 ms |
10 | Highcharts | 1,716 | 159 ms |
11 | Foxentry | 1,063 | 160 ms |
12 | TrustArc | 3,845 | 175 ms |
13 | Hexton | 22,100 | 181 ms |
14 | LightWidget | 7,864 | 198 ms |
15 | OneSignal | 62,786 | 225 ms |
16 | Riskified | 1,092 | 236 ms |
17 | Cookiebot | 55,639 | 240 ms |
18 | GitHub | 3,439 | 241 ms |
19 | Bold Commerce | 16,235 | 263 ms |
20 | Swiftype | 1,166 | 264 ms |
21 | Cookie-Script.com | 5,083 | 266 ms |
22 | Trusted Shops | 13,944 | 274 ms |
23 | Other Google APIs/SDKs | 1,297,162 | 285 ms |
24 | Affirm | 4,681 | 293 ms |
25 | Google reCAPTCHA | 8,854 | 329 ms |
26 | GetSiteControl | 3,069 | 391 ms |
27 | WisePops | 2,851 | 404 ms |
28 | Fastly | 24,865 | 425 ms |
29 | Amazon Pay | 3,928 | 426 ms |
30 | Forter | 1,563 | 470 ms |
31 | AppDynamics | 2,029 | 470 ms |
32 | PayPal | 28,366 | 489 ms |
33 | Mapbox | 9,079 | 510 ms |
34 | GoDaddy | 22,215 | 568 ms |
35 | Google Maps | 657,418 | 576 ms |
36 | Bugsnag | 6,014 | 594 ms |
37 | Sentry | 21,964 | 613 ms |
38 | Luigi’s Box | 1,270 | 638 ms |
39 | Stripe | 46,463 | 738 ms |
40 | MaxCDN Enterprise | 7,027 | 980 ms |
41 | Vidyard | 1,331 | 1204 ms |
42 | Secomapp | 4,078 | 1415 ms |
43 | Yandex APIs | 18,529 | 2056 ms |
44 | Freshchat | 5,647 | 2340 ms |
45 | Rambler | 11,257 | 3045 ms |
46 | Esri ArcGIS | 1,848 | 3958 ms |
47 | POWr | 23,595 | 4094 ms |
These scripts are from web hosting platforms (WordPress, Wix, Squarespace, etc). Note that in this category, this can sometimes be the entirety of script on the page, and so the "impact" rank might be misleading. In the case of WordPress, this just indicates the libraries hosted and served by WordPress not all sites using self-hosted WordPress.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Blogger | 88,978 | 177 ms |
2 | Civic | 2,905 | 224 ms |
3 | WordPress | 175,204 | 537 ms |
4 | Ecwid | 3,126 | 888 ms |
5 | Dealer | 1,449 | 1033 ms |
6 | Shopify | 224,160 | 1831 ms |
7 | Tilda | 22,245 | 2052 ms |
8 | Squarespace | 69,369 | 2083 ms |
9 | Weebly | 21,559 | 2214 ms |
10 | Salesforce Commerce Cloud | 3,278 | 2441 ms |
11 | Hatena Blog | 21,310 | 2805 ms |
12 | Wix | 139,882 | 3086 ms |
13 | WebsiteBuilder.com | 1,408 | 4106 ms |
These scripts are from marketing tools that add popups/newsletters/etc.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Madison Logic | 1,111 | 69 ms |
2 | DemandBase | 1,849 | 89 ms |
3 | Beeketing | 2,738 | 142 ms |
4 | Albacross | 2,025 | 149 ms |
5 | iZooto | 1,724 | 152 ms |
6 | Pardot | 1,516 | 160 ms |
7 | Sojern | 1,060 | 231 ms |
8 | Listrak | 1,207 | 277 ms |
9 | Judge.me | 21,552 | 323 ms |
10 | Mailchimp | 34,723 | 324 ms |
11 | Hubspot | 75,834 | 397 ms |
12 | RD Station | 15,819 | 407 ms |
13 | Yotpo | 18,100 | 501 ms |
14 | OptinMonster | 4,681 | 525 ms |
15 | Wishpond Technologies | 1,066 | 566 ms |
16 | PureCars | 2,680 | 1052 ms |
17 | Sumo | 14,134 | 1251 ms |
18 | Bigcommerce | 12,867 | 1808 ms |
19 | Drift | 6,275 | 3348 ms |
20 | Tray Commerce | 7,409 | 8661 ms |
These scripts are from customer support/marketing providers that offer chat and contact solutions. These scripts are generally heavier in weight.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | SnapEngage | 1,313 | 69 ms |
2 | Foursixty | 1,777 | 158 ms |
3 | BoldChat | 1,544 | 165 ms |
4 | Tidio Live Chat | 24,408 | 218 ms |
5 | Pure Chat | 4,593 | 287 ms |
6 | LiveTex | 1,748 | 329 ms |
7 | LivePerson | 3,974 | 423 ms |
8 | Comm100 | 1,146 | 644 ms |
9 | Intercom | 18,411 | 672 ms |
10 | Smartsupp | 19,185 | 729 ms |
11 | iPerceptions | 3,842 | 729 ms |
12 | LiveChat | 22,979 | 786 ms |
13 | Help Scout | 2,980 | 806 ms |
14 | Tawk.to | 79,685 | 865 ms |
15 | Jivochat | 57,192 | 986 ms |
16 | ContactAtOnce | 1,454 | 1005 ms |
17 | Olark | 6,986 | 1137 ms |
18 | ZenDesk | 69,695 | 1166 ms |
19 | Dynamic Yield | 1,420 | 2263 ms |
These scripts are from content providers or publishing-specific affiliate tracking.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Accuweather | 1,067 | 127 ms |
2 | CPEx | 1,271 | 154 ms |
3 | SnapWidget | 9,852 | 223 ms |
4 | OpenTable | 3,672 | 263 ms |
5 | Booking.com | 2,002 | 267 ms |
6 | Covert Pics | 2,063 | 326 ms |
7 | Tencent | 5,409 | 331 ms |
8 | Revcontent | 1,027 | 450 ms |
9 | AMP | 72,557 | 861 ms |
10 | Embedly | 3,969 | 1200 ms |
11 | Hotmart | 1,355 | 1298 ms |
12 | Spotify | 4,933 | 1606 ms |
13 | SoundCloud | 4,288 | 1999 ms |
14 | issuu | 2,112 | 2285 ms |
15 | Dailymotion | 3,301 | 6711 ms |
16 | Medium | 5,866 | 15098 ms |
These are a mixture of publicly hosted open source libraries (e.g. jQuery) served over different public CDNs and private CDN usage. This category is unique in that the origin may have no responsibility for the performance of what's being served. Note that rank here does not imply one CDN is better than the other. It simply indicates that the scripts being served from that origin are lighter/heavier than the ones served by another.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Google Fonts | 72,889 | 0 ms |
2 | Bootstrap CDN | 18,998 | 29 ms |
3 | FontAwesome CDN | 133,621 | 154 ms |
4 | Adobe TypeKit | 27,304 | 162 ms |
5 | Monotype | 4,851 | 194 ms |
6 | Microsoft Hosted Libs | 16,866 | 199 ms |
7 | jQuery CDN | 363,260 | 305 ms |
8 | Azure Web Services | 27,929 | 354 ms |
9 | JSDelivr CDN | 169,287 | 383 ms |
10 | Cloudflare CDN | 277,777 | 430 ms |
11 | Bootstrap Chinese network | 1,096 | 465 ms |
12 | Akamai | 10,579 | 468 ms |
13 | Google CDN | 1,808,969 | 570 ms |
14 | Fort Awesome | 1,095 | 575 ms |
15 | Unpkg | 39,513 | 657 ms |
16 | Yandex CDN | 95,892 | 1022 ms |
17 | CreateJS CDN | 3,667 | 4309 ms |
These scripts tend to load lots of other scripts and initiate many tasks.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | BrightTag / Signal | 3,551 | 157 ms |
2 | Yahoo! Tag Manager | 10,408 | 158 ms |
3 | Google Tag Manager | 3,227,721 | 198 ms |
4 | TagCommander | 1,238 | 296 ms |
5 | Adobe Tag Manager | 50,511 | 553 ms |
6 | Ensighten | 3,738 | 561 ms |
7 | Tealium | 17,723 | 636 ms |
IAB Consent Management Providers are the 'Cookie Consent' popups used by many publishers. They're invoked for every page and sit on the critical path between a page loading and adverts being displayed.
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | Consent Manager CMP | 3,984 | 260 ms |
2 | Optanon | 55,110 | 301 ms |
3 | Quantcast Choice | 26,290 | 434 ms |
These are miscellaneous scripts delivered via a shared origin with no precise category or attribution. Help us out by identifying more origins!
Rank | Name | Usage | Average Impact |
---|---|---|---|
1 | ResponsiveVoice | 2,753 | 67 ms |
2 | ReadSpeaker | 2,591 | 101 ms |
3 | Skype | 1,105 | 213 ms |
4 | Browsealoud | 1,449 | 263 ms |
5 | Amazon Web Services | 67,304 | 268 ms |
6 | Parking Crew | 2,761 | 444 ms |
7 | Calendly | 2,707 | 711 ms |
8 | Polyfill service | 2,106 | 920 ms |
9 | Heroku | 10,912 | 2638 ms |
10 | uLogin | 1,834 | 2704 ms |
This section highlights the entities responsible for the most script execution across the web. This helps inform which improvements would have the largest total impact.
Name | Popularity | Total Impact | Average Impact |
---|---|---|---|
Google/Doubleclick Ads | 972,081 | 1,971,164 s | 2028 ms |
YouTube | 559,091 | 1,786,348 s | 3195 ms |
Google CDN | 1,808,969 | 1,030,557 s | 570 ms |
Google Tag Manager | 3,227,721 | 638,263 s | 198 ms |
2,084,243 | 532,046 s | 255 ms | |
Google Analytics | 4,308,304 | 488,799 s | 113 ms |
Wix | 139,882 | 431,735 s | 3086 ms |
Shopify | 224,160 | 410,465 s | 1831 ms |
Google Maps | 657,418 | 378,448 s | 576 ms |
Yandex Metrica | 372,651 | 376,413 s | 1010 ms |
Other Google APIs/SDKs | 1,297,162 | 369,594 s | 285 ms |
Squarespace | 69,369 | 144,486 s | 2083 ms |
Cloudflare CDN | 277,777 | 119,413 s | 430 ms |
AddThis | 119,408 | 116,294 s | 974 ms |
Hotjar | 259,015 | 113,322 s | 438 ms |
jQuery CDN | 363,260 | 110,909 s | 305 ms |
286,904 | 98,505 s | 343 ms | |
Yandex CDN | 95,892 | 98,036 s | 1022 ms |
POWr | 23,595 | 96,590 s | 4094 ms |
WordPress | 175,204 | 94,036 s | 537 ms |
Medium | 5,866 | 88,568 s | 15098 ms |
ZenDesk | 69,695 | 81,244 s | 1166 ms |
Pubmatic | 139,231 | 74,342 s | 534 ms |
Tawk.to | 79,685 | 68,918 s | 865 ms |
JSDelivr CDN | 169,287 | 64,856 s | 383 ms |
Tray Commerce | 7,409 | 64,170 s | 8661 ms |
AMP | 72,557 | 62,500 s | 861 ms |
Hatena Blog | 21,310 | 59,785 s | 2805 ms |
VK | 40,210 | 59,232 s | 1473 ms |
Jivochat | 57,192 | 56,393 s | 986 ms |
Weebly | 21,559 | 47,738 s | 2214 ms |
Tilda | 22,245 | 45,641 s | 2052 ms |
Klaviyo | 67,488 | 39,609 s | 587 ms |
Bridgewell DSP | 12,562 | 38,321 s | 3051 ms |
Yandex APIs | 18,529 | 38,092 s | 2056 ms |
Tumblr | 14,801 | 35,789 s | 2418 ms |
Histats | 18,722 | 35,079 s | 1874 ms |
Stripe | 46,463 | 34,299 s | 738 ms |
Wistia | 15,065 | 34,290 s | 2276 ms |
Rambler | 11,257 | 34,274 s | 3045 ms |
ShareThis | 104,092 | 32,806 s | 315 ms |
PIXNET | 15,332 | 32,344 s | 2110 ms |
Hubspot | 75,834 | 30,119 s | 397 ms |
Heroku | 10,912 | 28,789 s | 2638 ms |
Adobe Tag Manager | 50,511 | 27,929 s | 553 ms |
Criteo | 114,128 | 27,856 s | 244 ms |
Media.net | 49,448 | 26,917 s | 544 ms |
Unpkg | 39,513 | 25,964 s | 657 ms |
Bigcommerce | 12,867 | 23,264 s | 1808 ms |
Dailymotion | 3,301 | 22,152 s | 6711 ms |
Rubicon Project | 131,432 | 21,883 s | 166 ms |
Drift | 6,275 | 21,011 s | 3348 ms |
FontAwesome CDN | 133,621 | 20,596 s | 154 ms |
TikTok | 66,563 | 20,512 s | 308 ms |
Optimizely | 27,437 | 20,462 s | 746 ms |
Vimeo | 55,804 | 19,893 s | 356 ms |
LiveChat | 22,979 | 18,069 s | 786 ms |
Amazon Web Services | 67,304 | 18,016 s | 268 ms |
Sumo | 14,134 | 17,688 s | 1251 ms |
MGID | 12,030 | 17,221 s | 1431 ms |
Optanon | 55,110 | 16,603 s | 301 ms |
Brightcove | 12,697 | 16,010 s | 1261 ms |
Snapchat | 28,791 | 15,938 s | 554 ms |
Taboola | 32,046 | 15,883 s | 496 ms |
CreateJS CDN | 3,667 | 15,800 s | 4309 ms |
Blogger | 88,978 | 15,787 s | 177 ms |
WordAds | 39,511 | 15,324 s | 388 ms |
LiveJournal | 4,814 | 14,151 s | 2939 ms |
OneSignal | 62,786 | 14,127 s | 225 ms |
Smartsupp | 19,185 | 13,992 s | 729 ms |
PayPal | 28,366 | 13,870 s | 489 ms |
Sentry | 21,964 | 13,456 s | 613 ms |
Cookiebot | 55,639 | 13,368 s | 240 ms |
Freshchat | 5,647 | 13,212 s | 2340 ms |
124,652 | 12,872 s | 103 ms | |
GoDaddy | 22,215 | 12,612 s | 568 ms |
Intercom | 18,411 | 12,373 s | 672 ms |
Lucky Orange | 11,842 | 11,955 s | 1010 ms |
Crowd Control | 44,477 | 11,556 s | 260 ms |
Quantcast Choice | 26,290 | 11,405 s | 434 ms |
Kakao | 28,534 | 11,286 s | 396 ms |
Tealium | 17,723 | 11,268 s | 636 ms |
Mailchimp | 34,723 | 11,260 s | 324 ms |
New Relic | 97,453 | 11,134 s | 114 ms |
Fastly | 24,865 | 10,573 s | 425 ms |
Skimbit | 38,143 | 10,179 s | 267 ms |
Sizmek | 5,005 | 10,075 s | 2013 ms |
BlueKai | 84,454 | 9,985 s | 118 ms |
Azure Web Services | 27,929 | 9,884 s | 354 ms |
Nielsen NetRatings SiteCensus | 18,498 | 9,505 s | 514 ms |
Amazon Ads | 67,934 | 9,434 s | 139 ms |
Yotpo | 18,100 | 9,068 s | 501 ms |
VigLink | 37,492 | 9,016 s | 240 ms |
SoundCloud | 4,288 | 8,574 s | 1999 ms |
Moat | 7,308 | 8,506 s | 1164 ms |
Cloudflare | 78,437 | 8,380 s | 107 ms |
Tynt | 83,849 | 8,307 s | 99 ms |
Integral Ad Science | 4,567 | 8,208 s | 1797 ms |
Adroll | 24,690 | 8,086 s | 327 ms |
Salesforce Commerce Cloud | 3,278 | 8,002 s | 2441 ms |
Olark | 6,986 | 7,946 s | 1137 ms |
Spotify | 4,933 | 7,923 s | 1606 ms |
Esri ArcGIS | 1,848 | 7,315 s | 3958 ms |
Privy | 16,998 | 7,278 s | 428 ms |
Judge.me | 21,552 | 6,965 s | 323 ms |
MaxCDN Enterprise | 7,027 | 6,886 s | 980 ms |
mPulse | 21,908 | 6,823 s | 311 ms |
Salesforce | 7,204 | 6,819 s | 947 ms |
Yandex Ads | 23,603 | 6,740 s | 286 ms |
Segment | 15,140 | 6,445 s | 426 ms |
RD Station | 15,819 | 6,444 s | 407 ms |
Quantcast | 60,814 | 6,005 s | 99 ms |
Google Optimize | 26,875 | 5,857 s | 218 ms |
WebsiteBuilder.com | 1,408 | 5,782 s | 4106 ms |
Secomapp | 4,078 | 5,769 s | 1415 ms |
Baidu Analytics | 21,089 | 5,681 s | 269 ms |
Inspectlet | 5,089 | 5,653 s | 1111 ms |
Trust Pilot | 26,742 | 5,543 s | 207 ms |
Tidio Live Chat | 24,408 | 5,327 s | 218 ms |
Yahoo! JAPAN Ads | 13,494 | 5,116 s | 379 ms |
Infolinks | 4,012 | 5,061 s | 1261 ms |
AB Tasty | 3,772 | 5,055 s | 1340 ms |
6,010 | 4,975 s | 828 ms | |
uLogin | 1,834 | 4,959 s | 2704 ms |
Akamai | 10,579 | 4,950 s | 468 ms |
SocialShopWave | 3,403 | 4,939 s | 1451 ms |
issuu | 2,112 | 4,827 s | 2285 ms |
Bing Ads | 32,273 | 4,774 s | 148 ms |
Embedly | 3,969 | 4,764 s | 1200 ms |
Mapbox | 9,079 | 4,628 s | 510 ms |
AudienceSearch | 23,576 | 4,583 s | 194 ms |
Adobe TypeKit | 27,304 | 4,412 s | 162 ms |
Ezoic | 2,122 | 4,409 s | 2078 ms |
FullStory | 8,318 | 4,377 s | 526 ms |
Attentive | 6,245 | 4,307 s | 690 ms |
Bold Commerce | 16,235 | 4,266 s | 263 ms |
Index Exchange | 38,860 | 4,253 s | 109 ms |
iubenda | 34,029 | 4,077 s | 120 ms |
Hexton | 22,100 | 3,997 s | 181 ms |
Trusted Shops | 13,944 | 3,827 s | 274 ms |
LongTail Ad Solutions | 5,040 | 3,782 s | 750 ms |
Bugsnag | 6,014 | 3,572 s | 594 ms |
fam | 967 | 3,429 s | 3546 ms |
AddToAny | 42,529 | 3,392 s | 80 ms |
Mediavine | 8,321 | 3,357 s | 403 ms |
Microsoft Hosted Libs | 16,866 | 3,349 s | 199 ms |
14,592 | 3,231 s | 221 ms | |
Dynamic Yield | 1,420 | 3,213 s | 2263 ms |
Google reCAPTCHA | 8,854 | 2,912 s | 329 ms |
PureCars | 2,680 | 2,820 s | 1052 ms |
iPerceptions | 3,842 | 2,802 s | 729 ms |
Ecwid | 3,126 | 2,776 s | 888 ms |
StatCounter | 36,804 | 2,698 s | 73 ms |
Wicked Reports | 747 | 2,657 s | 3557 ms |
LoopMe | 483 | 2,629 s | 5442 ms |
Cxense | 5,082 | 2,512 s | 494 ms |
OptinMonster | 4,681 | 2,460 s | 525 ms |
Admixer for Publishers | 1,204 | 2,422 s | 2011 ms |
Help Scout | 2,980 | 2,401 s | 806 ms |
Geniee | 7,516 | 2,353 s | 313 ms |
Supership | 9,293 | 2,336 s | 251 ms |
LoyaltyLion | 3,441 | 2,332 s | 678 ms |
VWO | 6,718 | 2,288 s | 341 ms |
AppNexus | 57,074 | 2,276 s | 40 ms |
SnapWidget | 9,852 | 2,196 s | 223 ms |
Disqus | 981 | 2,155 s | 2197 ms |
Gigya | 2,303 | 2,139 s | 929 ms |
Ensighten | 3,738 | 2,097 s | 561 ms |
DTSCOUT | 20,795 | 2,090 s | 100 ms |
CallRail | 12,654 | 2,076 s | 164 ms |
piano | 1,375 | 2,013 s | 1464 ms |
LiveRamp IdentityLink | 20,910 | 1,951 s | 93 ms |
Polyfill service | 2,106 | 1,938 s | 920 ms |
Calendly | 2,707 | 1,925 s | 711 ms |
Yieldify | 444 | 1,892 s | 4262 ms |
DoubleVerify | 1,411 | 1,885 s | 1336 ms |
LINE Corporation | 13,207 | 1,853 s | 140 ms |
Refersion | 3,004 | 1,828 s | 608 ms |
Sortable | 1,911 | 1,805 s | 944 ms |
SearchSpring | 608 | 1,795 s | 2953 ms |
Tencent | 5,409 | 1,789 s | 331 ms |
Crazy Egg | 19,934 | 1,782 s | 89 ms |
Gemius | 19,944 | 1,781 s | 89 ms |
Snowplow | 14,783 | 1,768 s | 120 ms |
Hotmart | 1,355 | 1,758 s | 1298 ms |
KARTE | 1,359 | 1,699 s | 1250 ms |
LivePerson | 3,974 | 1,679 s | 423 ms |
Revolver Maps | 1,681 | 1,679 s | 999 ms |
Amazon Pay | 3,928 | 1,672 s | 426 ms |
Adform | 14,807 | 1,660 s | 112 ms |
Yahoo! Tag Manager | 10,408 | 1,645 s | 158 ms |
Vidyard | 1,331 | 1,602 s | 1204 ms |
LightWidget | 7,864 | 1,559 s | 198 ms |
Adyen | 965 | 1,548 s | 1604 ms |
WordPress Site Stats | 18,696 | 1,537 s | 82 ms |
Dealer | 1,449 | 1,497 s | 1033 ms |
Okas Concepts | 639 | 1,495 s | 2339 ms |
BounceX | 1,646 | 1,490 s | 905 ms |
ContactAtOnce | 1,454 | 1,462 s | 1005 ms |
Feefo.com | 1,929 | 1,458 s | 756 ms |
This can be for one of several reasons:
Total Occurrences is the number of pages on which the entity is included.
The HTTP Archive dataset includes Lighthouse reports for each URL on mobile. Lighthouse has an audit called "bootup-time" that summarizes the amount of time that each script spent on the main thread. The "Average Impact" for an entity is the total execution time of scripts whose domain matches one of the entity's domains divided by the total number of pages that included the entity.
Average Impact = Total Execution Time / Total Occurrences
Lighthouse's bootup time audit attempts to attribute all toplevel main-thread tasks to a URL. A main thread task is attributed to the first script URL found in the stack. If you're interested in helping us improve this logic, see Contributing for details.
Verify that the origins in data/entities.js
are correct. Most issues will simply be the result of mislabelling of shared origins. If everything checks out, there is likely no further action and the data is valid. If you still believe there's errors, file an issue to discuss futher.
Only about 90% of the third party script execution has been assigned to an entity. We could use your help identifying the rest! See Contributing for details.
A huge thanks to @simonhearne and @soulgalore for their assistance in classifying additional domains!
The domain->entity mapping can be found in data/entities.js
. Adding a new entity is as simple as adding a new array item with the following form.
{
"name": "Facebook",
"homepage": "https://www.facebook.com",
"categories": ["social"],
"domains": [
"*.facebook.com",
"*.fbcdn.net"
],
"examples": [
"www.facebook.com",
"connect.facebook.net",
"staticxx.facebook.com",
"static.xx.fbcdn.net",
"m.facebook.com"
]
}
The logic for attribution to individual script URLs can be found in the Lighthouse repo. File an issue over there to discuss further.
This is now automated! Run yarn start:update-ha-data
with a gcp-credentials.json
file in the root directory of this project (look at bin/automated-update.js
for the steps involved).
This README is auto-generated from the templates lib/
and the computed data. In order to update the charts, you'll need to make sure you have cairo
installed locally in addition to yarn install
.
# Install `cairo` and dependencies for node-canvas
brew install pkg-config cairo pango libpng jpeg giflib
# Build the requirements in this repo
yarn build
# Regenerate the README
yarn start
The web code is located in www/
directory of this repository. Open a PR to make changes.
FAQs
Categorized data on third party entities on the web.
The npm package third-party-web receives a total of 904,191 weekly downloads. As such, third-party-web popularity was classified as popular.
We found that third-party-web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.