Facebook Takes Down Web: Third-Party JavaScript Strikes Again
JavaScript performance is always on the mind of engineers as they chip away at average page load times. But occasionally a JavaScript failure is so bad that it bubbles up to the attention of the average web user. That’s exactly what happened last Friday, when the “”Login with Facebook”” script took down a number of sites completely. Any users who happened to be logged into Facebook (so: many, many users) were redirected away from sites like CNN, Gawker, MSNBC and others, to be shown a Facebook error page. (See video below courtesy of AllThingsD)
How Did JavaScript Get So Risky?
In the past 5-7 years the web has exploded in complexity, fueled by advances in web development that enabled social media to spread its tentacles around the web. The result is web pages that are bigger and more diverse than ever before.
Increasing complexity has come with growing pains. In an effort to keep up with the zeitgeist, site owners have begun stuffing their pages with dynamic JavaScript provided by social media sites. The average site now has around 8 JavaScript files but on the higher end 20 or 30+ are not uncommon. Many site owners are not aware of the extent to which those scripts can impact page performance.
Since these JavaScript files serve dynamic content from a third party ? an entity that the site owner has no control over ? they are frequently at the root of frustrating site performance issues. We analyzed the 12 worst JavaScript offenders and found that even the most popular JavaScript files can be problematic, with outages or bugs affecting sites 1-2% of the time. In a world where every millisecond counts for user experience online, that?s more than enough to impact engagement and business metrics.
Mitigating Performance Risk
Unfortunately, outages like last week’s are not a strange occurrence. The Facebook widget in particular is known for poor performance, as we found in an analysis of the widget across many locations. Usually “”poor performance”” means the widget delays a page’s Time to Interact by a few seconds. But it can occasionally become catastrophic, as we saw Friday.
The creators of third party scripts like Facebook’s appear to be slow to make strides to improve out-of-the-box performance. That’s why it?s up to you, the website owner or developer, to take precautions. The best things you can do to protect your site are:
- Use fewer JavaScript files. Think of the performance cost of a script in monetary terms. Adding JS has an inherent performance cost and performance risk. Think about the ROI. If it?s not useful for your business goals, don?t keep it on your site just because it?s popular or nice looking.
- Make sure all JavaScript loads asynchronously. This requires a developer to change the way the script is called from your site, but loading asynchronously will keep JS from blocking other assets on your site from downloading while it downloads. More info on asynch loading here.
- Concatenate and compress scripts wherever possible. This won?t keep scripts from having errors caused by delivery of the content, but it will reduce the average performance impact considerably, making your site faster on a daily basis. More info here: concatenating and compressing scripts.