APP BLOAT

How to Find and Remove Ghost Code from Your Shopify Theme

7 min read

Published: March 2026 Reading time: 6 minutes

Uninstalling a Shopify app doesn't remove its code from your theme. That's not a bug, it's how Shopify's app architecture works. And it means most Shopify stores are loading JavaScript and CSS from apps they stopped paying for months or years ago.

I call this ghost code. It's the most consistent finding in every store I audit: scripts still loading, making network requests, and slowing down page rendering for an app that's been gone from the admin since last spring.

Here's how to find it and what to do about it.

Why Uninstalling Doesn't Remove the Code

When a Shopify app adds functionality to your storefront, it injects code in one of two ways, and they behave very differently when you uninstall.

  1. Direct theme file injection The app adds <script> or <link> tags directly into theme.liquid, section files, or snippets. When you uninstall, Shopify revokes the app's access permissions. It does not revert changes made to your theme files. Those tags stay indefinitely, until someone removes them manually.
  2. Script Tag API Some apps use Shopify's Script Tag API to inject JavaScript at the storefront level without touching theme files. According to Shopify's documentation, Script Tags registered by an app are automatically deleted when that app is uninstalled. In practice, this is the cleaner path, but it only applies to apps that used the Script Tag API in the first place. If the app injected code directly into your theme files, that cleanup doesn't happen automatically.

The result in both cases: your store loads code for an app with no valid account, no active API credentials, and no reason to exist in your theme.

What Ghost Code Actually Does to Your Store

The performance impact depends on what type of code was left behind and how it loads.

Render-blocking scripts If the leftover script tag doesn't have async or defer attributes, the browser has to fetch, parse, and execute it before it can continue rendering the page. This directly delays your Largest Contentful Paint, the metric Google uses to assess page load performance for Core Web Vitals.

Failed network requests Many ghost scripts make requests to the app's external servers to load configuration data, fonts, or additional scripts. Those requests either return 404 errors or hang until they time out. Both scenarios hold up other resources from loading.

JavaScript errors When ghost code tries to initialize, it often calls functions or looks for DOM elements that no longer exist because the app's backend is gone. This can cause console errors that break other scripts running on the same page.

In a controlled test on this demo product page, removing a review app's code reduced HTTP requests from 205 to 137 and page weight from 2MB to 1MB.

 

Document complete time improved by 1.6 seconds.¹ That's with the app actively installed and its endpoints responding. Ghost code, the same scripts left behind after uninstalling,  makes the same requests to servers that no longer have a valid account to respond to.

 

Requests that previously resolved in milliseconds now return 404s or hang until timeout. The payload cost is identical. The timing cost is worse.

How to Find Ghost Code in Your Theme

Method 1: Chrome DevTools Network Tab

This is the most reliable method because it shows you what's actually loading, not just what's in your code.

  1. Open your storefront in Chrome — use an incognito window to avoid cached data

  2. Open Chrome DevTools (F12, or Cmd+Option+I on Mac)

  3. Click the Network tab

  4. Reload with cache disabled (Cmd+Shift+R on Mac / Ctrl+Shift+R on Windows)

  5. Filter by JS to see all JavaScript loading

Look for:

  • Files from external domains you don't recognize — app vendor subdomains like cdn.someapp.io or assets.reviewapp.com

  • Files returning 404 status — failed requests, often from apps that have been shut down

  • Files with load times that are long relative to their size — network timeouts from dead endpoints

  • File names that include app identifiers you no longer use

Switch the filter to CSS and repeat.

Method 2: Theme Code Search

In your Shopify admin, go to Online Store → Themes → Edit Code on your live theme.

Search in theme.liquid for:

  • Common app vendor domains: cdn.judge.me, cdn.yotpo.com, loox.io, stamped.io, klaviyo.com

  • Any <script> tags referencing external domains you don't recognize

  • cdn.shopify.com/app_proxy — app proxy scripts

Then check your snippets folder for files with app-specific names — judgeme-widgets.liquid, yotpo-main.liquid, klaviyo-form.liquid. If those apps are uninstalled, these snippets are being rendered but calling nothing.

Method 3: Lighthouse Unused JavaScript Report

Run a Lighthouse audit in Chrome DevTools (Lighthouse tab → Analyze page load). In the Opportunities section, look for "Remove unused JavaScript." Lighthouse shows which scripts have low coverage. A high percentage unused is often a signal worth investigating.

This doesn't definitively identify ghost code, but it surfaces candidates for closer inspection.

How to Remove Ghost Code Safely

Finding it is the easy part. Removal requires care.

Step 1: Confirm the app is fully uninstalled

Go to Settings → Apps and sales channels in your Shopify admin. Confirm the app isn't still installed in a disabled or trial state. If it is, complete the uninstall first.

After uninstall, run the DevTools network check again. Script Tags injected via the API should be gone. Shopify removes these automatically when an app is uninstalled. If you're still seeing script tags from the app's domain after a confirmed uninstall, those were injected directly into your theme files, not via the Script Tag API, and you'll need to remove them manually.

Step 2: Search for all references before deleting

Before removing any snippet or script tag, search your entire theme for references to it. A snippet might be included in three different section files. Deleting the snippet without removing all {% render %} calls will cause Liquid errors.

Step 3: Work on a duplicate theme

Duplicate your live theme before making any changes. If a removal breaks something, you need a rollback path.

Step 4: Remove the code

For theme.liquid script tags: delete the tag and any associated <link> or <style> tags for the same app.

For snippets: remove the snippet file and all {% render 'snippet-name' %} calls across all templates and sections.

For persistent Script Tag injections: if a Script Tag is still appearing in DevTools after a clean uninstall, that's an app-side issue. The app's uninstall process didn't complete correctly. Contact the app developer directly with the script URL. This is their cleanup responsibility, not Shopify's.

Step 5: Test every checkout path

After removal, test your storefront thoroughly, especially checkout. Some ghost code may be referenced by scripts that are still active. The Network tab should no longer show the removed scripts loading.

What This Usually Finds in Practice

The stores I audit most commonly have ghost code from:

  • Review apps — Yotpo, Judge.me, Stamped, Loox. These inject significant JavaScript for widget initialization, API calls, and UGC loading. All of it persists after uninstall if it was injected directly into the theme.

  • Page builders — PageFly, GemPages, Zipify. Page builder code is among the heaviest ghost code — large initialization scripts and their own CSS frameworks.

  • Marketing and popup apps — Privy, OptinMonster, Justuno. Often added for a campaign and never removed.

  • Loyalty apps — LoyaltyLion, Smile.io. Significant JavaScript footprint for widget rendering.

  • Old analytics scripts — Third-party tools that were replaced but the tags weren't cleaned up.

In a store with 20+ app installations over its lifetime, finding 6–10 ghost scripts still loading is not unusual. Each one is a network request that runs before your page finishes loading.

How to Prevent It Going Forward

The cleanest prevention is a documented removal process. Every time an app is uninstalled:

  1. Check theme.liquid for leftover script and link tags

  2. Check the snippets folder for app-named files

  3. Search for {% render %} calls to those snippets across all templates and sections

  4. Run a DevTools network check after uninstall to confirm nothing persists

It takes 15 minutes. It prevents the accumulation.

Not Sure What's in Your Theme Right Now?

The Bloat Score Calculator gives you a quick estimate of your store's technical debt based on your app count, monthly spend, and performance score. Two minutes, and you'll know whether a full audit is worth it.

Want to know what your app stack is actually costing?

The Bloat Score Calculator takes 60 seconds. Enter your app count, monthly spend, and performance score — I'll tell you what to look at first.

Check My Bloat Score →