Report source ↗ source url updated Tue Jun 09 2026 00:00:00 GMT+0000 (Coordinated Universal Time)

Web Almanac 2024 — Third Parties

The Third Parties chapter of the HTTP Archive Web Almanac 2024. This is the source that directly answers the wiki’s open question — how much of typical bloat is third-party / analytics vs. first-party code? The short answer: third parties are nearly universal and a major, often-overlooked weight and risk surface.

How pervasive

92% of web pages load at least one third-party resource (steady since 2021–2022).
Usage scales with rank: top-1,000 sites carry a median of 66 third parties vs. 27 for the top million. Popular sites are heavier with third parties, not lighter.
Desktop pages carry more third parties than mobile.

What kind

By request content type, third parties are dominated by:

Scripts: 30.5% · Images: 26.0% · HTML: 11.7%

Leading categories (excluding “unknown”): consent providers (e.g. Google’s fundingchoicesmessages.google.com), video (mostly YouTube), and customer-success / chat tools (e.g. Tawk.to). Analytics, tag managers, and ads remain core.

The concentration story

Google owns five of the top-ten third-party domains: googleapis.com, googletagmanager.com, google-analytics.com, google.com, and youtube.com. Meta’s facebook.com is the only non-Google entry in the top five. So most third-party weight flows through a handful of providers.

Inclusion chains (hidden bloat)

Third parties pull in other third parties: the median inclusion-chain depth is 3.4, 34% of chains exceed length 1, and 14% exceed depth 5. Much third-party weight is therefore indirect — loaded by something the site author never chose directly, which is exactly why this category resists first-party byte budgets.

Why this matters here

Answers the analytics/third-party vs. first-party open question in synthesis: third parties are a structural, near-universal slice of page-weight (much of the 613 KB median JS in web-almanac-page-weight-2024 is third-party script).
Reframes minimalism: hand-authoring less (landing-page-14kb) and smaller bundles (bundle-size, squint) only govern first-party bytes — the third-party-resources layer is a separate, governance-and-consent problem (“privacy, security, and performance implications”).

Caveat: classification relies on a third-party domain database; “unknown” is a large bucket, and category labels are approximate.