Environment High Vega has detected that script code is being included from an unrelated domain. This gives the operator of the server where the code originates control over the DOM, and the web application . Even if the source is trusted, there are implications if the website hosting the script code is ever compromised. Servers should host their own Javascript, especially for critical applications. Vega detected that content on a server is including Javascript content from an unrelated domain. When this script code is fetched by a user browser and loaded into the DOM, it will have complete control over the DOM, bypassing the protection offered by the same-origin policy. Even if the source of the script code is trusted by the website operator, malicious code could be introduced if the server is ever compromised. It is strongly recommended that sensitive applications host all included Javascript locally. Wikipedia: Same-Origin Policy