Most status pages I've audited load between 8 and 15 third-party resources: Google Fonts, analytics beacons, session recorders, icon CDNs, sometimes embedded chat widgets. For a page whose entire job is to communicate "something is broken, stay calm," that's a lot of attack surface — and a lot of DPA paperwork if you sell into the EU.
I'm building FoundersDeck, a GDPR-native monitoring toolkit. When I designed the status page, I set one hard constraint:
The page makes requests to exactly one domain. Its own.
Sounds trivial. It isn't.
The checklist
Here's what had to go:
❌ Google Fonts → self-hosted WOFF2, subset to Latin
❌ Analytics → removed from status page entirely
❌ Icon CDN → inlined SVG sprite
❌ External CSS → bundled at build
❌ Tracking cookies → none set, no consent banner needed
❌ Session replay → never added
The stack
SvelteKit with SSR, PostgreSQL, EU hosting, no US subprocessors in the request path. Uptime and heartbeat checks run from EU regions. Fonts are self-hosted and subsetted. Icons are a single inlined SVG sprite.
The page renders server-side. First paint is the full page. No hydration needed to see the current status.
The metrics that actually matter
The old version used colored bars ("all green, all good"). Looked clean, communicated nothing. The new version shows:
- MTTR — mean time to recovery
- Incident count for the period
- Max downtime window (worst single incident)
- Average response time
- Uptime percentage When something breaks, users want to know how bad and how fast you fix things. Color bars don't answer either question.
Why bother
A status page is the most-linked external page most SaaS products have. It shows up in outage emails, docs, partner dashboards, support tickets. If it leaks data to third parties, that leak is at maximum surface area exactly when customers are already irritated.
For EU buyers, it's also the first page their legal team opens during a DPA review.
Try it
FoundersDeck is live at foundersdeck.dev. Open DevTools on any status page — you'll see one domain in the Network tab.
Happy to answer questions about the SvelteKit SSR setup, the font subsetting, or the EU hosting stack.
Top comments (0)