It’s Black Friday, and you’re quietly confident. You’ve planned your marketing campaign in meticulous detail.
You’re expecting a lot of extra website traffic, but you’ve taken steps to make sure you can deal with it.
Your beautifully crafted home page and offer pages are as light as they possibly can be – images are fully optimised, and redundant content has been removed.
Your systems have also been thoroughly tested, and they should be able to cope with visitor numbers far in excess of your wildest hopes and expectations.
So when someone tells you your website is down, it comes as a shock.
Would-be customers are complaining. Your call centre can’t cope. All your plans are unravelling, and you want to know why.
Fortunately, it’s not long before you find out. It turns out that the problem is not with your systems, but with someone else’s.
Like most retailers, you include a large amount of third-party tags on your site. You use them for advertising, remarketing, tracking and analytics.
Unfortunately, you’ve loaded this content in such a way that it can block your own content from being displayed.
Normally, this doesn’t matter. Normally, you can rely on the third-party systems to be every bit as reliable as your own.
Not today, though.
Today, they’re experiencing unprecedented levels of demand. This isn’t just because you’re busier than usual. It’s because virtually everyone who uses the same services is busier than usual.
The quick fix is to take the offending content off your site, but this is far from ideal – it brought in a lot of revenue.
Still, for now, it’s the only solution. Unfortunately, a vast amount of damage has already been done.
I’ve painted the picture of a nightmare scenario here, and for good reason. However, while the danger is real for some websites, I wouldn’t want to suggest it’s the most likely outcome.
Third-party services should be testing and preparing for peaks in traffic in the same meticulous way that you are.
The point is that you don’t always have full control over every element on your website, and you need to factor that into your planning.
When load testing your own systems, you’ll generally exclude third-party services from the test (you shouldn’t test their systems without their permission, and it wouldn’t necessarily yield useful results if you did).
This leaves the door open for something to go wrong when, from your point of view, you’ve done everything right.
Minimising the risk
The simplest way to reduce the risk to your site is to make sure that any third-party scripts – including your tag management solution if you have one – are loaded asynchronously (non-blocking).
This means that web browsers can continue to build and display your web page while waiting for the third-party files to load.
Synchronous (blocking) scripts can stop your page from being displayed if they take too long to load.
Many third-party services are now asynchronous by default or at least have optional asynchronous implementations.
However, not all of them do, and you also need to be aware of any old, synchronous references on your website.
Even loading third-party scripts asynchronously won’t necessarily eliminate all risk.
It depends what the scripts do – for example, anything that brings in additional style sheets could interfere with how your web page is displayed, whether or not it’s load asynchronously.
It’s therefore important to audit the third-party content on your site, to understand what it does, how it’s loaded and what would happen if it failed for some reason.
What you’re looking for are single points of failure – things that would stop your website from doing its job if they stopped doing theirs.
What do you do when you find them?
We’ve seen that including third-party content on your website can be a risky business, but thousands of websites still do it.
The reason is simple: third-party services frequently offer immense value. Advertising and remarketing tags, for example, can bring in huge amounts of revenue to retailers and publishers.
Part of the auditing process should therefore involve weighing up the costs and benefits of third-party content.
If there’s something that can only be loaded synchronously and that offers little value, perhaps you’ll decide to take it off altogether.
If it’s an important, revenue-generating service, perhaps you’ll try to load it in a different way or else discuss SLAs with the provider.
Ultimately, the important thing is to reclaim as much control as you can over the content on your website.
Simply by including a third-party script, you give up an element of that control, but by taking a few simple steps, it should be possible to mitigate the associated risks.
For more on this topic, read: