Cloudflare's javascripts slowing my site

Hi. I have a wordpress site at . No matter what I do, I can’t remove two javascripts from Cloudflare. I use GTMetrix and I see them in the waterfall tab blocking my site. Those are email-decode.min.js and rocket-loader.min.js. Of course, I’ve already disabled email obfuscation in the Scrape Shield tab and I have Rocket Loader disabled. I purged ALL my caches (Cloudflare cache, Autoptimize cache, SuperCache, even the Cpanel cache). But the js’s are pretty persistent and they insist to appear in GTMetrix waterfall, as blocking js’s and so slowing my site. Also, I can’t add expires headers to them, so I have more than a reason to want them out of my site. Is there any way to remove them as they are already disabled in the Cloudflare panel?

**Notes: **

  • I have not a “cdn-cgi” directory within my site or server. I assume it’s a Cloudflare redirection.
  • I have no “apps” installed through Cloudflare.

email-decode.min.js is not from Cloudflare but from your site.

As for rocket-loader.min.js, I couldnt confirm that delay

You said you disabled Rocket Loader, but I’d really double check that by going to the Speed screen and ensuring that is off.

As I told before, I disabled Rocket Loader. My last attempt was 6 days ago. This is a screen capture of current status.

But it keeps been loading in my site. The path comes from Cloudflare cdn. The complete path is

As for email-decode, the URL is Yes, you’re right, is my domain, but as I’ve told you in the Notes, I have not a cdn-cgi/scripts subdirectory in the site. Tipically, this cdn-cgi is “injected” to the site and appears when you have an app from Cloudflare, but, as I also noted, I have no apps activated. See How remove script <script src="/cdn-cgi/apps/head/PqDfeQR****.js for an example. Also, in says “That’s Cloudflare. Every Cloudflare site has a virtual /cdn-cgi directory

In the following capture it says that the origin server is Cloudflare or I’m interpreting what I mark in yellow in such a way.

Hi, I was able to find the culprit hidden in the Page Rules. I disabled Security and Performance just to test, and immediately I’ve seen email-decode and rocket-loader go out from the waterfall.

The way GTmetrix reports are laid out it means folks are focusing on the wrong page speed performance metrics - page full load time is important but more important is page visual render time for first paint, first meaningful, first contentful paint and document content loaded times. GTmetrix shows that info under their timings tab section. GTmetrix explains some of the metrics at

Cloudflare rocket loader shows as delaying full page loads but they optimise the pages critical render path to improve those metrics you should be focused on and that is what Google is focused on if you look at their Google PageSpeed Insights origin logging for First Contentful Pain and Document Content Loaded times. See You’d want to look at how your web pages html assets are configured to be loaded style wise to optimise for such. Cloudflare Rocket Loader when properly configured and used can help improve your critical render path and as such those user metrics for page speed

Rocket Loader prioritises your website’s content (text, images, fonts etc) by deferring the loading of all of your JavaScript until after rendering. On pages with JavaScript, this results in a much faster loading experience for your users and improves the following performance metrics:

  • Time to First Paint (TTFP)
  • Time to First Contentful Paint (TTFCP)
  • Time to First Meaningful Paint (TTFMP)
  • Document Load

To learn more about the latest version of Rocket Loader visit our blog:

Addition optional configuration:

Best testing tool for that is using and looking at SpeedIndex score and Google Lighthouse metrics for first meaningful paint and perceived visual speedindex and input latency times.

I wrote a guide for my users which maybe useful to you as well

And GTmetrix has a blog article explaining differences between them and other page speed tools like Webpagetest at

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.