Tracking scripts, privacy and performance
So earlier this week I wrote a post with some recommendations for website owners to help them keep abreast of online privacy requirements. The post came out of internal discussions about where we stand on the online privacy issue – specifically as creators of websites. What should our defaults be as regards to handling personal data when we’re building sites in 2022? The discussion encompassed an awareness of increased enforcement of privacy laws, and also took into account Freshleaf’s organisational values.
We took the position that, since we’re building sites, there is a responsibility on us to set standards and to guide discussions in the right direction. Now – amongst other things - all our new sites include compliant cookie management, and lean towards self hosting third-party scripts and services where possible. We no longer install Google Analytics as standard. Instead, we open discussions about whether tracking scripts are required, and if so whether more privacy-respecting options could be used instead. We won’t mandate any of this, of course – that’s not how we operate. But we wanted to establish good defaults.
But then, of course, we needed to look at existing sites – and just as importantly, to our own site. The current iteration was built five or six years ago, and although there’s a new iteration due soon, the existing version hadn’t been audited for a while. Housekeeping time!
If a site’s been running a few years, it’s funny what you find in there. In addition to Google Analytics, there were tracking scripts for Hubspot, Hotjar, Lead-in and Add-This, which no-one even remembers adding, and which were not actively being used. All of these were removed, meaning that the Freshleaf website doesn’t require cookie management (it sets no cookies which contain PII). Additionally, the site was switched to self-hosting Google Fonts, to avoid leaking IP addresses to Google when fetching fonts.
Interestingly, my last post mentioned that removing the burden of tracking scripts can often result in performance improvements. So just to illustrate that, here’s the numbers from the Freshleaf website before and after removing the scripts, using PageSpeed Insights metrics. The numbers are below and the on the graph the green = desktop and yellow = mobile, over the period of seven days when the change was made.
- Desktop - before: 93, after: 97
- Mobile - before: 60, after: 95
Which raises the question – do you know what tracking scripts and other legacy gubbins are in your website? And how much faster could it run without them?