Third-party monitoring
Third-Party Script Monitoring
The average website loads 15-30 third-party scripts. Your payment form, analytics, chat widget, and ad tags all depend on someone else's servers. When one of them goes down or starts returning errors, your site stays "up" but critical features silently break. Sitewatch checks every external script on your pages and alerts you when something fails.
- Monitor analytics, chat, payment, and ad tag scripts
- Detect when scripts return errors, 404s, or wrong MIME types
- Know when third-party dependencies stop loading
Third-party script failure
Confirmed via 2-of-3 retries
Affected scripts
Recent activity
- Stripe.js -- 503 Service Unavailable6:00 AM
- Intercom widget -- MIME type text/html (expected JS)6:00 AM
- Google Analytics -- 200 OK6:00 AM
- HubSpot tracking -- 200 OK6:00 AM
Free scan
Check your third-party scripts — free
Scan any URL in 20 seconds. Sitewatch lists the external scripts your page loads and flags the ones returning errors, 404s, or the wrong content type — plus broken assets, security headers, and SSL.
Why it matters
Third-party scripts are your biggest blind spot
Payment form failures
When Stripe, PayPal, or Adyen scripts go down or return errors, your checkout breaks completely. Every minute is lost revenue -- and your uptime tool reports everything is fine because your server returns 200 OK.
Chat widget outages
Intercom, Drift, or Zendesk scripts fail silently. Support requests go unanswered. Conversion-driving conversations never happen. Nobody notices for hours or days.
Analytics data loss
When analytics scripts stop loading, you lose attribution data, conversion tracking, and campaign insights. Decisions get made on incomplete data for days before anyone notices the gap.
Silent breakage
A third-party script returning the wrong MIME type or a 404 breaks critical functionality while your site looks perfectly healthy. Without checking each script, these failures are invisible.
Dependency blindness
You control your code but not your vendors. A vendor pushes a bad update, retires an endpoint, or has an outage. Unless you are checking every script on every page, you find out from your customers.
Ad tag failures
Broken ad tags mean lost revenue for publishers. Tag manager misconfigurations and ad network outages go undetected without script-level monitoring.
15-30
Avg third-party scripts per site
2-of-3
Retry confirmation
Every script in your HTML
Coverage
What gets flagged
Third-party issues Sitewatch catches
Script loading failures
- Payment scripts returning error status codes (Stripe, PayPal, Adyen)
- Chat widget scripts failing to load (Intercom, Drift, Zendesk)
- Analytics scripts returning 404 or 5xx errors (GA, Segment, Mixpanel)
- Ad tags and tag manager scripts unavailable or erroring
Delivery and MIME type issues
- Scripts served with non-JavaScript MIME types (browsers block execution)
- Script URLs redirecting to error pages or unexpected destinations
- Scripts returning 404 or 410 after vendor updates or endpoint changes
- CDN-hosted third-party scripts serving wrong content types
How it works
How third-party script monitoring works
Discover all scripts
Sitewatch fetches your page and parses the HTML to find every script tag -- first-party and third-party. Every external script URL is extracted automatically.
Check availability and type
Each script gets a HEAD request to verify its HTTP status code and MIME type. A script returning 503, 404, or text/html instead of application/javascript is flagged.
Confirm with retries
Detected issues go through 2-of-3 retry confirmation. Transient vendor blips are filtered out. Only persistent failures create incidents.
Alert with context
Confirmed failures trigger alerts across your configured channels with the script URL, HTTP status code, MIME type, and which page is affected.
You cannot control vendor outages. You can control how fast you find out.
Free plan. No credit card. 2-minute setup.
The blind spot
Your site depends on scripts you do not control
| Feature | Without monitoring | Sitewatch |
|---|---|---|
| Script failure detection | Users report it (if you are lucky) | Caught on next check cycle |
| Availability checks | Unknown until someone complains | HTTP status and MIME type verified |
| Vendor outage awareness | Hours or days later | Detected in scheduled check or on-demand |
| MIME type validation | Not checked | Every script verified |
| False positive prevention | N/A -- you are not checking | 2-of-3 retry confirmation |
| Script inventory | Manual audit (if it happens at all) | Auto-discovered from your HTML every cycle |
Script failure detection
Availability checks
Vendor outage awareness
MIME type validation
False positive prevention
Script inventory
The dependency you do not control
Why third-party scripts are a supply-chain risk — and how to monitor them
A modern web page is an assembly job. Your HTML pulls in analytics from one vendor, a chat widget from another, payment SDKs from a third, ad tags from a network, and tag managers that load still more scripts on top. The average site loads 15-30 of these. Every one of them runs in your visitor's browser with full access to your page — and every one is hosted on infrastructure you don't control. Third-party script monitoring means continuously verifying that each external script your pages reference is still reachable, returns a success status, and is served as executable JavaScript — so a vendor outage or a swapped endpoint can't silently break your site.
How third-party scripts actually fail
The failures are rarely dramatic. An analytics script starts returning a 404 after the vendor sunsets an endpoint, so your conversion data quietly goes dark. A chat widget's CDN serves text/html instead of application/javascript, so the browser refuses to execute it and support requests stop arriving. A payment SDK like Stripe.js returns a 503 during a regional outage, and checkout breaks for everyone — while your server keeps answering 200 OK and your uptime tool stays green. An ad tag 404s and a publisher loses revenue on every impression. None of these show up as "downtime," which is exactly why they go unnoticed. As we say: a 200 OK doesn't mean it works.
Mixed content and the security dimension
Third-party scripts also break in ways that browsers block outright. A script referenced over http:// on an https:// page is mixed content — modern browsers refuse to load it, and the feature it powers simply disappears. Beyond loading, third-party code is a genuine supply-chain attack surface: a compromised vendor, a hijacked subdomain, or an endpoint that starts redirecting somewhere unexpected can turn a trusted script into a liability. Sitewatch flags these at the request level by verifying status, MIME type, and redirect behavior on every check. For the protocol-level checks, see mixed-content monitoring and broader security monitoring.
What effective monitoring should check
Pinging your homepage tells you the server is alive. It tells you nothing about whether the 20 scripts that page loads are still working. Effective monitoring discovers every external script in your HTML and verifies each one's HTTP status and content type on every cycle — exactly what Sitewatch does as part of its website monitoring, with the same engine that powers broken-assets monitoring. When an entire vendor domain goes dark rather than a single file, third-party dependency monitoring catches it at the domain level, and every confirmed failure ships with root-cause context — the script URL, status code, MIME type, and affected page — so you fix it instead of hunting for it.
FAQ
Frequently asked questions
You can manually open your browser's DevTools Network tab, reload the page, and inspect every external script for its status code and content type — but that's a one-time snapshot you'd have to repeat constantly. Sitewatch automates it: paste your URL and it parses your HTML, discovers every third-party script, and checks each one's HTTP status and MIME type on a schedule. No DevTools, no manual audits, no code on your site.
Add your site to Sitewatch and every monitoring cycle re-discovers and re-checks all external scripts referenced in your HTML. Because vendors change endpoints and have outages without warning, continuous checks are the only reliable way to catch a script that worked yesterday and 404s today. Intervals are configurable per site, from every 30 minutes on Free to every 5 minutes on Pro.
When an external script returns an error status (404, 410, 5xx), is served with a non-JavaScript MIME type, or redirects to an unexpected destination, the browser stops executing it — and whatever feature depended on it silently breaks. Sitewatch confirms the failure with 2-of-3 retries to filter transient blips, then raises an incident naming the script URL, status code, MIME type, and affected page.
Yes. Analytics tags (Google Analytics, Segment, Mixpanel) and chat widgets (Intercom, Drift, Zendesk) are loaded as external scripts, so they fall directly inside Sitewatch's coverage. If the analytics script starts 404ing and your data goes dark, or the chat widget script fails to load and support messages stop arriving, Sitewatch catches the failed request even though the page itself still looks fine.
Yes. A third-party script referenced over http:// on an https:// page is mixed content, and browsers block it outright — the feature it powers disappears with no error visible to you. Sitewatch flags insecure references and protocol issues; see mixed-content monitoring for the dedicated protocol-level checks that pair with per-script monitoring.
Yes. When an individual script file errors, per-script monitoring catches it. When an entire vendor domain goes dark — DNS failure, expired cert, total outage — third-party dependency monitoring catches it at the domain level. Either way, you get an alert across your configured channels (6 channels including Slack, email, and PagerDuty) before your customers tell you.
Sitewatch monitors every external script referenced in your page HTML -- analytics (Google Analytics, Segment, Mixpanel), payment forms (Stripe, PayPal), chat widgets (Intercom, Drift), ad tags, tag managers, and any other third-party JavaScript. Scripts are discovered automatically by parsing the HTML.
No. Sitewatch checks the HTTP status code and MIME type of each script -- verifying that it loads and is served as JavaScript. It does not download, hash, or compare script contents between checks. It catches availability failures and delivery errors, not content-level changes.
Sitewatch detects scripts returning error status codes (404, 5xx), scripts served with wrong MIME types (e.g., a CDN serving text/html instead of application/javascript), and scripts that have been removed or relocated. Detecting these failures is part of Sitewatch's 20 detection rules covering the full range of up-but-broken issues.
When Stripe.js (or any script) returns an error status code or wrong MIME type, Sitewatch confirms the failure with 2-of-3 retries and sends an alert across your configured channels -- 6 channels including Slack, email, and PagerDuty. The alert includes the script URL, HTTP status code, and which page is affected.
No. Sitewatch monitors your pages externally using HTTP requests. It discovers and checks all scripts automatically by parsing the HTML -- no code changes, no tags to install, no vendor integrations required.
Explore more
Related monitoring solutions
Website Monitoring
Full-page verification that goes beyond uptime checks.
Broken Assets Monitoring
Detect broken JS, CSS, images, and delivery failures.
CDN & Cache Issues Detection
Detect MIME mismatches and CDN delivery failures.
Deploy Monitoring
Catch deploy regressions before your users do.
Third-Party Dependency Monitoring
Domain-level outage detection when an entire vendor goes dark — complements per-script monitoring.