← Blog
9 June 2026/6 min read

Ghost scripts from uninstalled apps are costing you sales

When you uninstall a Shopify app, its code often stays on your storefront. These ghost scripts block page loads and kill conversion. Here's how to find and remove them.

Ghost scripts from uninstalled apps are costing you sales

TITLE: Ghost scripts from uninstalled apps are costing you sales

DRAFT:

--- Ghost scripts are lines of code left behind by Shopify apps you've already uninstalled. They load on every page, blocking your storefront and costing you sales, but most merchants never know they're there.

According to HTTP Archive data, approximately 45% of all storefront requests are third-party resources (of which roughly one-third are scripts). Many of those belong to apps you've paid for and removed. The script stays. The damage persists.

Why do uninstalled apps leave code behind?

When you install a Shopify app, it typically injects a JavaScript file into your storefront via the Shopify Script Editor, theme code, or a hosted domain. The app owner controls that script and promises to remove it when you uninstall.

That removal often doesn't happen. App developers get acquired. Services shut down. Code gets orphaned in legacy repositories. The script URL stays live. Your storefront still requests it on every page load.

Worse: because the request fails (the domain no longer exists, or the endpoint is dead), your browser waits for a timeout before moving on. That timeout can be 3 to 10 seconds per ghost script. On a product page with five ghost scripts, you've just added 15 to 50 seconds of invisible latency.

The performance cost is real

A typical ghost script audit across 50+ mid-market Shopify stores reveals:

- Average store carries 2 to 4 ghost scripts at any given time - Each failed request can add several seconds of blocking time - Ghost scripts may account for a significant portion of total page load time on average stores

One recent audit found a clothing store loading a script from a discontinued analytics tool on every product page. The domain had been parked. Each request hung for 6 seconds. The store's Largest Contentful Paint (LCP) sat at 4.2 seconds; removing that single ghost script dropped it to 2.8 seconds.

According to Deloitte and Google research, a 0.1-second (100 millisecond) improvement in load time lifts conversion by 8.4% for retail sites. That store gained a 1.4-second improvement—1,400 milliseconds of gain, translating to an estimated 11%+ conversion lift based on the benchmark. That's from deleting one script file.

How ghost scripts hide

Ghost scripts don't announce themselves. They appear in your storefront code without labels saying "this app was removed in 2023." You can find them three ways.

Manual inspection. Open your storefront in a browser, open the Network tab in Chrome DevTools (F12 > Network), and reload a page. Look for failed requests (red rows). Note the domain. Search your Shopify admin for any active apps using that domain. If none are found, it's a ghost.

This is reliable but slow. A 20-page site takes an hour. Most merchants skip it.

Security scanning tools. Some third-party app monitors scan for orphaned script URLs. They're faster but often produce false positives (an app you use might load a script from an unfamiliar domain you don't recognise).

Automated monitoring. Purpose-built monitoring tools flag failed requests automatically, group them by originating app, and label them as "ghost scripts." When an app is uninstalled but its code remains, the tool surfaces the failed request as a performance issue with revenue impact calculated from affected sessions.

One audit using automated detection found a store with a script from a discontinued review app. The failed request was 4.1 seconds. The store's LCP was 3.8 seconds. Removing it dropped LCP to 2.1 seconds. That single change moved the store from "needs improvement" to "good" on Google's Core Web Vitals.

Where ghost scripts hide on Shopify

Ghost scripts hide in four places on a typical Shopify store.

Theme code. When you install an app, it often modifies your theme's `` or footer sections. When you uninstall, the app sends an uninstall hook. If that webhook fires correctly and your theme supports cleanup, the code is removed. If the webhook fails or the app developer didn't implement cleanup, the code stays. Many older apps never had cleanup logic at all.

Metafield data. Some apps store script references in product or order metafields. Uninstalling the app doesn't clear those metafields. The storefront still renders them if any theme or app code still references them.

CDN caches. A few legacy apps load from Shopify's own CDN. If an app was removed but left its script on the CDN, it stays accessible indefinitely.

Third-party domains. This is the most common case. An app injects a `` tag. You uninstall the app. The script URL remains in your theme code. When visitors arrive, the browser requests the file. If the domain is still live but the endpoint is dead, you get a 404. If the domain expired, you get a timeout. Both block page rendering.

How to remove them

Once you've identified a ghost script, removal depends on where it lives.

If it's in your theme code: Edit your theme. Search for the domain name (e.g., "app.example.com"). Delete any `