Cloud

GoDaddy injecting site-breaking JavaScript into customer websites, here's a fix

GoDaddy is injecting analytics scripts into websites hosted on their systems to track users. Here's how to opt-out.

Popular web hosting service GoDaddy has started injecting a JavaScript file into the web pages it hosts, according to Australian technology consultant Igor Kromin. GoDaddy's analytics system is based on W3C Navigation Timing, but the company's practice of unilaterally opting in paying customers to an analytics service—tracking the visitors to websites hosted on GoDaddy services—without forewarning is deserving of criticism.

GoDaddy claims the technology, which it calls "Real User Metrics" (RUM), "[allows] us to identify internal bottlenecks and optimization opportunities by inserting a small snippet of javascript code into customer websites," that will "measure and track the performance of your website, and collects information such as connection time and page load time," adding that the script does not collect user information. The script name "Real User Metrics" is somewhat at odds with that claim; likewise, GoDaddy provides no definition of "user information."

SEE: Web hosting services comparison tool (Tech Pro Research)

GoDaddy claims "most customers won't experience issues when opted-in to RUM, but the JavaScript used may cause issues including slower site performance, or a broken/inoperable website," particularly for users of Accelerated Mobile Pages (AMP), and websites with pages containing multiple ending tags.

Customers of GoDaddy can opt out of RUM by going to myh.godaddy.com, logging in, and clicking on the hosting account that you want to exclude. From there, click the "..." button, and "Help Us," the click "Opt Out." The script will be removed immediately from your website when opting out.

Kromin notes that he is "not against web host providers monitoring how their servers are running," but that "Injecting JavaScript into pages being served is far from passive and... a violation of trust between the web host and the customer."

If you are looking to switch web hosts, check out TechRepublic's cheat sheet to choosing the best web host, and how to spot unscrupulous domain registrars with these four tips.

Update: GoDaddy provided this statement to TechRepublic's sister site ZDNet:

"We created a Real User Metrics (RUM) JavaScript to improve our hosting environment for our customers. The script is a non-invasive performance monitor that enables us to measure and track the performance of customer websites, and collects information, such as connection time and page load time.
We only collect performance data, nothing more. We don't collect personal information. The data we collect is used to monitor our internal systems, optimize DNS resolution, improve network routing and server configurations, and help us improve the performance of our customers' websites.
After careful review of the concerns being raised around this program, we have decided to turn off the Javascript insertion on our hosting platform immediately. We will reintroduce this program in the future, so that it is on an opt-in only basis. We apologize for any confusion and inconvenience to our customers."

The big takeaways for tech leaders:

  • GoDaddy is injecting JavaScript into customers of paid hosting services to "identify internal bottlenecks and optimization opportunities." This is an opt-out feature.
  • The script is known to cause performance regressions for users of AMP.

Also see

istock-802301304datamanagers.jpg
Gorodenkoff Productions OU, Getty Images/iStockphoto

About James Sanders

James Sanders is a technology writer for TechRepublic. He covers future technology, including quantum computing, AI, and 5G, as well as cloud, security, open source, mobility, and the impact of globalization on the industry, with a focus on Asia.

Editor's Picks

Free Newsletters, In your Inbox