chore: remove cdnjs polyfill and dead UA Google Analytics tag#79
Merged
Conversation
Closes #70 ## What Delete two `<script>` blocks from `_includes/footer.html`: - the `cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?version=4.8.0` script (with its SRI hashes), and - the Universal Analytics gtag block targeting `UA-1265430-2` (the `googletagmanager.com` script tag plus the inline `dataLayer` / `gtag('config', ...)` initialization). ## Why The polyfill bundle covered IE 11 and pre-2017 browsers. Audit of the site's JS shows every feature used (`fetch`, `Promise`, `Array.filter`/`map`, `localStorage`, `classList`, `matchMedia`, `querySelector`, `JSON.parse`) is baseline-supported in Chrome 49+, Firefox 52+, Safari 10.1+, and Edge 16+ — all from 2017 or earlier. IE 11 was discontinued by Microsoft in June 2022, removing the only remaining browser that would have needed polyfilling. The cdnjs polyfill mirror is also residual exposure from the polyfill.io 2024 supply-chain compromise; removing the dependency removes the supply-chain risk. The UA-1265430-2 Google Analytics tag is dead. Google sunset Universal Analytics on July 1, 2023; new hits are rejected and no data has been collected for nearly two years. The tag still loaded the gtag.js bundle from googletagmanager.com on every page load (privacy and third-party-request cost) without doing anything useful on the backend. ## Notes - The site is now running with zero analytics. Picking a replacement (GA4, Plausible, Fathom, Umami, GoatCounter, etc.) is a product/privacy decision rather than a security concern; worth its own conversation and a fresh issue. - The polyfill bundle loaded synchronously and was render-blocking. Removing it eliminates one render-blocking request and one third-party TLS handshake per visit. - Removing the gtag tag means no more requests to `googletagmanager.com` per page load — relevant to the same privacy posture the Google Fonts removal addressed in PR #75. Signed-off-by: jmeridth <jmeridth@gmail.com>
jmeridth
added a commit
that referenced
this pull request
May 30, 2026
Closes #78 ## What Add a GA4 measurement tag wired through `_config.yml`. The measurement ID `G-6DK8Y2SBT2` is set in `_config.yml` as `google_analytics_id`. `_includes/footer.html` emits the standard gtag.js snippet only when both conditions hold: `jekyll.environment == "production"` and `site.google_analytics_id` is set. ## Why PR #79 removed the dead `UA-1265430-2` tag because Universal Analytics was sunset by Google on July 1, 2023 and was collecting no data. This PR re-introduces analytics on the modern GA4 platform under a new property. Putting the measurement ID in `_config.yml` keeps future ID changes out of template HTML. The `jekyll.environment == "production"` guard prevents local `jekyll serve` runs from polluting GA4 — GitHub Pages sets `JEKYLL_ENV=production` automatically during deploy builds, so production traffic is captured without needing manual configuration on the server side. ## Notes - GA4 sets cookies and processes visitor IPs. For EU visitors this technically requires a cookie consent banner for GDPR compliance. Adding consent is out of scope for this PR; can be filed as a follow-up if the audience or legal posture changes. - The snippet is gated on both the environment AND the config key being set, so removing `google_analytics_id` from `_config.yml` cleanly disables analytics without touching template code. - The Liquid key `google_analytics_id` uses an underscore to match Jekyll's convention for templated variable names (`site.google_analytics_id`). Signed-off-by: jmeridth <jmeridth@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #70
What
Delete two `<script>` blocks from `_includes/footer.html`:
Why
The polyfill bundle covered IE 11 and pre-2017 browsers. Audit of the site's JS shows every feature used (`fetch`, `Promise`, `Array.filter` / `map`, `localStorage`, `classList`, `matchMedia`, `querySelector`, `JSON.parse`) is baseline-supported in Chrome 49+, Firefox 52+, Safari 10.1+, and Edge 16+ — all from 2017 or earlier. IE 11 was discontinued by Microsoft in June 2022, removing the only remaining browser that would have needed polyfilling. The cdnjs polyfill mirror is also residual exposure from the polyfill.io 2024 supply-chain compromise; removing the dependency removes the supply-chain risk.
The `UA-1265430-2` Google Analytics tag is dead. Google sunset Universal Analytics on July 1, 2023; new hits are rejected and no data has been collected for nearly two years. The tag still loaded the gtag.js bundle from `googletagmanager.com` on every page load (privacy and third-party-request cost) without doing anything useful on the backend.
Notes
Testing
Verified locally with cache wiped (`rm -rf _site .jekyll-cache`) and `bundle exec jekyll serve --livereload --future`: