Why CDN hosted libraries are bad

Loading libraries from CDNs is generally perceived as a simple way to speed up the loading time of your website, but don't stop your thinking there! The cons outnumber the pros by a large amount if you ask me... let's mention a few:

  1. Your website will not work when a CDN is down if your code depends on it! (even if your website itself is not down)
  2. A new TCP connection must be initiated for the CDN because the file comes from another domain (which can add more precious milliseconds to your loading time).
  3. It's a huge security risk! You are willingly injecting external JavaScript code into your website. Imagine if someone hacks that CDN and injects malicious code directly into your website... You won't even notice!
  4. It's also a huge privacy concern! A CDN could be spying on all the traffic of every single page of your website (where the CDN is added) via the Referer header! They could also see the User-Agent of every visitor. They could estimate how much revenue you make based on how many times your "Payment success" page is called, and so on!
  5. CDNs can sometimes be slow in an unpredictable way (e.g. if their servers receive a spike of requests or have network problems, etc.). I've personally seen a request taking as long as 8 seconds!! And during that time, the website was not rendering because it was waiting for that dependency to load.
  6. It prevents you from working on your website offline when you don't have access to the Internet, which is annoying.
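
One way to act on points 3 and 4 is to list every script and stylesheet a page pulls from another origin and check whether each tag carries an `integrity` attribute (Subresource Integrity, which makes the browser refuse a file whose hash does not match) and `referrerpolicy="no-referrer"`. The following is an added example, not code from the original post; the hostnames, sample HTML and function names are constructed for illustration, and the regex scan stands in for a real HTML parser.

```javascript
// Added example (not from the original post): flag cross-origin script and
// stylesheet tags. Regex scan for illustration; real audits need an HTML parser.
// Parse one tag's attributes into a lower-cased name -> value map.
function parseAttributes(tagSource) {
  const attrs = {};
  const body = tagSource.replace(/^<\s*[a-zA-Z]+/, '').replace(/\/?>$/, '');
  const attrPattern = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = attrPattern.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

function auditThirdPartyResources(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  const tagPattern = /<(script|link)\b[^>]*>/gi;
  let m;
  while ((m = tagPattern.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttributes(m[0]);
    const ref = tag === 'script' ? attrs.src : attrs.href;
    if (!ref) continue; // inline script, or link without href
    if (tag === 'link' && !/\bstylesheet\b/i.test(attrs.rel || '')) continue;
    const url = new URL(ref, pageUrl); // resolves relative and //host URLs
    if (url.origin === pageOrigin) continue; // self-hosted copy
    const issues = [];
    if (!attrs.integrity) issues.push('no integrity attribute');
    if (attrs.referrerpolicy !== 'no-referrer') issues.push('no referrerpolicy="no-referrer"');
    findings.push({ tag, host: url.host, url: url.href, issues });
  }
  return findings;
}

// Constructed sample page; the hostnames are placeholders, not real CDNs.
const SAMPLE_PAGE_URL = 'https://shop.example/payment/success';
const SAMPLE_HTML = `
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://cdn-a.example/ui/theme.min.css">
<script src="https://cdn-a.example/lib/framework.min.js"></script>
<script src="//cdn-b.example/lib/charts.js" integrity="sha384-PLACEHOLDER"
        crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="/js/app.js"></script>
<script>console.log('inline');</script>`;

for (const f of auditThirdPartyResources(SAMPLE_HTML, SAMPLE_PAGE_URL)) {
  console.log(`${f.tag} ${f.url}: ${f.issues.join('; ') || 'ok'}`);
}
```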