Third-Party Script Risk
What it is
Third-Party Script Risk arises from externally hosted scripts embedded in web applications for analytics, ads, or integrations.
Why it matters
A compromised script impacts every visitor simultaneously and bypasses perimeter defenses, enabling data theft, skimming, or account compromise.
How to reduce risk
- Audit dependencies and vendors regularly, removing unnecessary scripts
- Use Subresource Integrity (SRI) and Content Security Policy (CSP) to pin expected script hashes
- Self-host critical libraries or proxy them through vetted infrastructure
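One way to combine the audit and SRI items above, as an added example that is not part of the original entry: it lists third-party `<script>` tags that have no `integrity` attribute or whose current body no longer matches the pinned hash. The function names, vendor hosts and script bodies are constructed for illustration, and `fetched` is assumed to hold bodies downloaded separately during the audit.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALGS = ("sha256", "sha384", "sha512")  # hash algorithms SRI accepts

def sri_hash(body: bytes, alg: str = "sha384") -> str:
    """Return the integrity value '<alg>-<base64 digest>' for a script body."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

class ScriptCollector(HTMLParser):  # gathers attributes of <script src=...> tags
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)

def audit(html: str, page_host: str, fetched: dict) -> list:
    """Flag third-party scripts that are unpinned or whose body fails its pin.
    Simplification: any listed hash may match; browsers use only the strongest."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src, host = attrs["src"], urlparse(attrs["src"]).netloc
        if not host or host == page_host:
            continue  # same-origin script, out of scope for this check
        pins = set((attrs.get("integrity") or "").split())
        if not pins:
            findings.append((src, "not pinned"))
        elif src in fetched and not pins & {sri_hash(fetched[src], a) for a in ALGS}:
            findings.append((src, "body does not match pin"))
    return findings

# Constructed sample: hosts and script bodies are made up for this example.
V1 = b"console.log('widget v1');"
PAGE = f"""<script src="/app.js"></script>
<script src="https://cdn.vendor-a.example/w.js" integrity="{sri_hash(V1)}" crossorigin="anonymous"></script>
<script src="https://cdn.vendor-b.example/w.js" integrity="{sri_hash(V1)}" crossorigin="anonymous"></script>
<script src="https://ads.vendor-c.example/t.js"></script>"""
FETCHED = {"https://cdn.vendor-a.example/w.js": V1,
           "https://cdn.vendor-b.example/w.js": V1 + b"// body changed upstream"}

if __name__ == "__main__":
    print(*audit(PAGE, "shop.example", FETCHED), sep="\n")
```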
Related Terms: Supply Chain Attack, Content Security Policy, Browser Fingerprinting
External Resources:
- MDN – Subresource Integrity: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity