Decision Self-host Third-Party Static Assets

accepted

Third-party hosted assets (e.g. web fonts, icon libraries) can lead to performance, privacy, and reliability issues. These include GDPR violations, extra DNS lookups, and outages outside the organization control.

Decision

Critical static assets such as fonts, icons, and front-end libraries will be self-hosted. These files will reside within the project codebase and be served from the same infrastructure as the website.

Exceptions

When upstream providers require external embedding (e.g., maps, videos).
When a commercial support contract exists for the CDN (e.g., Cloudflare with SLA).

Consequences

Improves privacy and avoids third-party data sharing.
Reduces performance overhead from extra DNS requests.
Ensures asset availability during third-party outages.

Additional Considerations

Use package managers (npm, Composer) and automated dependency tools (Renovate, Dependabot) to keep self-hosted assets current.
Load JavaScript as external resource with defer attribute