Browserextensions making the backoffice slow

skttl · October 6, 2025, 7:20am

There has been some discussion in other threads, discord etc, about the backoffice being slow with certain browser extension.

I was starting to experience the same (recently started doing a lot more work with v16 than previously), so I did a quick unscientiffic experiement by disabling my browser extensions one by one.

I found that disabling Dashlane made a big impact in the responsiveness of the backoffice.

If you have similar experience with other browser extensions, add them here, and lets make a list of extensions to avoid when using the backoffice!

LuukPeters · October 6, 2025, 7:26am

Postman Interceptor also makes the backoffice unusable. To be fair, that is not unexpected for a plugin that literally intercepts all requests, but if you forget to disable it…

patrickdemooij9 · October 6, 2025, 7:28am

I wonder what the inner working of those extensions are though. Like, why does it impact the backoffice that much even if we wouldn’t notice it throughout our normal work on the internet?

jacob · October 6, 2025, 9:25am

Could it be that Dashlane tries to find input fields throughout all possible shadow DOM’s of the Backoffice?

I know for a fact Lastpass does not work with input fields nested in shadow DOM, because they refuse to do recursive lookups, but other browser extensions may try to do just that.

In order to find an input field in a shadow DOM, and you do not know where to look, you will have to do it recursively by checking element.shadowRoot?.querySelectorAll(‘input’). I could imagine that takes a toll on the browser if Dashlane does something like that recursively.

To give a bit of context on the larger issue at hand, I believe having read that Lastpass et al. believe that browsers should support ShadowDOM lookup natively through their autofill APIs, whereas the browsers (or at least Chrome) are very undecided whether that is part of the Shadow DOM spec or if it is something the extension authors should support themselves.

skttl · October 7, 2025, 6:58am

I believe thats what it does. I looked around in some of the files from the extension and it does do something with shadow DOM.

I gave Chat GPT the shadow DOM script, and asked what it was doing:

So, every time any component calls attachShadow() (which is what web components do to encapsulate their DOM), this wrapper:

Runs custom Dashlane code.

Sets and removes a DOM attribute (data-dashlane-shadowhost) on the <head>.

Triggers queueMicrotask for cleanup.

I have tried creating a support case with Dashlane, but I doubt they can do anything without removing their ability to autofill fields in Shadow DOM.

ChatGPT also gave me a detection script, that I’m thinking of turning into a package

(function detectDashlaneAttribute() {
  const ATTR_NAME = 'data-dashlane-shadowhost';

  const observer = new MutationObserver((mutations) => {
    for (const m of mutations) {
      if (
        m.type === 'attributes' &&
        m.attributeName === ATTR_NAME &&
        document.head.hasAttribute(ATTR_NAME)
      ) {
        console.warn(
          '%c⚠️ Dashlane activity detected:',
          'color: orange; font-weight: bold;',
          'Dashlane appears to be monitoring shadow DOM creation. This can slow down the Umbraco backoffice.'
        );

        const banner = document.createElement('div');
        banner.textContent =
          '⚠️ Dashlane extension detected — it may slow down the Umbraco backoffice. Disable autofill for this site.';
        Object.assign(banner.style, {
          position: 'fixed',
          top: '0',
          left: '0',
          right: '0',
          background: '#ffcc00',
          color: '#000',
          fontWeight: 'bold',
          padding: '0.5em',
          textAlign: 'center',
          zIndex: 99999,
        });
        document.body.prepend(banner);

        observer.disconnect(); // stop observing once confirmed
        break;
      }
    }
  });

  observer.observe(document.head, {
    attributes: true,
    attributeFilter: [ATTR_NAME],
  });
})();

sebastiaan · October 7, 2025, 7:06am

Oh.. please don’t encourage people to disable autofill though! It encourages using really bad passwords.

I am really wondering why Dashlane can be so intense, while I have both LastPass and Bitwarden installed that are both set to autofill logins.

sebastiaan · October 7, 2025, 7:10am

Okay, Uncle ChatGPT tells me that Dashlane is “just doing it wrong”:

Yeah, that tracks — Dashlane’s extension is known to be far more invasive in how it hooks into the DOM compared to Bitwarden or LastPass.

Here’s what’s going on under the hood:

Dashlane wraps low-level browser APIs, like attachShadow, Element.prototype.appendChild, and even addEventListener, so it can watch every form field that gets created — even inside web components or shadow DOMs.

Every time Umbraco’s backoffice creates or updates a component (and it does that a lot — especially in Umbraco 14+ with Lit/Backoffice UI), Dashlane executes that injected wrapper code.

The attribute flip (data-dashlane-shadowhost) and queueMicrotask cleanup are part of Dashlane’s “context propagation” system so it can detect dynamic form fields. That’s lightweight on small pages, but catastrophic on an app like Umbraco’s backoffice where everything is shadow-DOM based.

In contrast:

Bitwarden and LastPass mostly rely on MutationObserver watching for <input>/<form> nodes, and they don’t interfere with attachShadow.

They’ll miss some deep fields inside custom components but are far less intrusive and CPU-hungry.

So, yes — you’ve nailed the cause. It’s specifically Dashlane’s monkey-patching of attachShadow that kills performance in shadow-DOM-heavy apps like Umbraco’s backoffice.

Workarounds / Fixes
Disable Dashlane on your Umbraco site domain

In the Dashlane browser extension, go to the settings or the pop-up menu → “Never autofill on this website” (or similar wording).

This prevents the script injection and removes the performance impact completely.

Use Bitwarden or LastPass only

Since they don’t patch attachShadow, they coexist fine with modern SPAs and web components.

If you need Dashlane enabled globally:

You can create a custom content script block rule via a browser extension like uBlock Origin or a local enterprise policy that blocks *.dashlane.com/content_script.js or the specific inline scripts for your-umbraco-site-domain.
Development workaround
For local testing, run Chrome/Edge with the flag:
--disable-extensions-except=<path to your essential ones>
or use an incognito window with extensions disabled to confirm performance differences.
There’s no fix on the Umbraco side — nothing you can do in your codebase to mitigate this — because the slowdown happens before your scripts run.

In short: disable Dashlane for your Umbraco domain and the lag will vanish. Bitwarden and LastPass play nice; Dashlane doesn’t.

skttl · October 7, 2025, 7:18am

I changed Dashlane to only activate when clicked. Would be nice if it could simply ignore specific urls (regexes)

jacob · October 7, 2025, 7:19am

Could we disable these extensions in the Backoffice but keep them on the login screen? I mean, Lastpass only works on the login screen anyway because of our “hack” that creates the input fields in the body and later moves them into their place using slots. It doesn’t seem to be of much help to have password extensions inside the Backoffice (if they have problems).

marcemarc · October 7, 2025, 8:36am

For us it seemed to be a combination of extensions:

github.com/umbraco/Umbraco-CMS

TipTap with Blocks using multiple Compositions loads slow

opened 02:56PM - 14 Jul 25 UTC

closed 10:57AM - 03 Sep 25 UTC

marcemarc

category/performance type/bug release/16.3.0

### Which Umbraco version are you using? v16.0 ### Bug summary We are experie…ncing an issue with slllllloooooooowwwwness with Umbraco 16. Both sites are on Umbraco Cloud The first is a project 'not live yet' which started on V15, and has recently been bumped to V16, in terms of whether the move to V16 introduced the issue, is not clear, because it's only now that content is being entered on a grand scale before launch. The second project is a migration of a V13 site, and because we have seen the issue on the first project, we could see it occurring there too. The issue is with 'how long' it takes for the TipTap Rich Text Editor to display 'ready for editing' - after the rest of the UI elements have been loaded. This is intermittent, but can be 3 to 4 seconds later, and because the toolbar and content finally appearing causes layout shift (it can be quite disruptive). The issue seems to be related to pages which use the Block List, with Blocks containing the RTE, I haven't seen the slowness when the RTE is used on the Document Type itself. Essentially when you add a new block ,or open a block the UI starts to load and once all the other elements have loaded there is a good few seconds of the TipTap editor loading 'snake' three dots, until it appears. If you close the block and immediately open it again, it will sometimes be fast, and sometimes be just as slow - it therefore doesn't appear to be a 'first time - then cached' situation, it appears more to be some kind of race condition or dependant on other factors outside of the UI, my machine was not maxed out and there is no strain on the SQL Server, and it's running on Umbraco Cloud so the instances are 'big' The issue happens on dev / staging and live so I think, rules out the issue being related to DotNet Environment settings. I've not been able to recreate it locally with a vanilla V16 and Paul Seals starter kit :-( but can invite you to either Cloud project to observe. ### Specifics I made a video https://youtu.be/Y99tIKrYkYE (the same behaviour is observable without dev tools open) Basically any block that is opened, with a TipTap RTE, has about a 30% chance of taking 3-4 additional seconds to load, this RTE allows inline blocks to be inserted (2 types) but this is also the case with RTE's without inline blocks enabled. On both projects, I can see long running requests to the Management API endpoint <img width="1902" height="813" alt="Image" src="https://github.com/user-attachments/assets/1d0309b5-fd9e-40d1-b6ec-f6c1a2265d1e" /> eg https://the-project-uksouth01.umbraco.io/umbraco/management/api/v1/document-type/262e9d93-e32e-4fae-bc32-4c36fde90f4c With the block list there is often multiple requests to this endpoint with the same guid - but assuming this is the world of webcomponents, rather than anything sinister, the timings for these requests seem long. <img width="1171" height="492" alt="Image" src="https://github.com/user-attachments/assets/b00cee9a-b832-4cd1-9445-1271247f1124" /> The first project is a new build, there are 34 Page Document Types, supported by 9 Composition Document Types 37 Element Types for blocks, 11 Settings Element Types, supported by 4 Composition Element Types. However, anecdotally, the 'slowness' appears to occur after the requests to the Management API have been made, it doesn't appear to be blocked waiting for the data to return from the Management API endpoint, but what do I know! Third party packages installed: Slimsy TheDashboard ClientDrawer Contentment ### Steps to reproduce I guess, create a new Umbraco Cloud site, build a project with 30 DocTypes using 10 compositions, and using the Block List editor, with 30 different block types using 5 different compositions... Make sure the Block list element has a TipTap RTE Add two inline blocks to the configuration of the RTE Then populate the site with content, A homepage, 6 sections, containing 5 to 6 pages within, and then a News section with 30 odd articles... I guess you only need to add the content and the multiple different doc types if the issue isn't immediately recreatable with just a block list (I couldn't recreate it with Paul Seal's starter kit for example). Then try opening a block with RTE Content in repeatedly, perhaps having nested blocks too, and see if you can see the slowness. ### Expected result / actual result Just want it to load pretty snappy, with all the different components loading at different times it gives a really unsmooth jerky experience, like the system is struggling to get the things in front of your face (when really it's doing it as fast as it can) - it might be a less stressful experience if it takes longer but all the UI elements are loaded, but appreciate that's a different thing to this issue - all we are expecting here is the RTE being ready to go in a second, only a mere flash of the three dots loading... I appreciate this is a really vague description, but I'm pointing the info out there in case this is a really super obvious thing you are aware of and working on, so I can stop investigating, or if other people are experiencing same but it feels to vague a thing to raise, at least there is a ticket people can add observations too, and I guess we'll continue digging here and update ticket if we find something or have a more reliable way to recreate it. --- _This item has been added to our backlog AB#54707_

@leekelleher exciting update… disabling all browser extensions - its fine…

But here’s the thing, different people have different browsers and different extensions, and we’ve experienced the issue across both Edge and Chrome - it doesn’t seem to be a specific extension.

I started reenabling one by one

Dashlane - ok
Dashlane + LastPass - not ok
LastPass - ok
LastPass + SilkTide - not ok
SilkTide - ok
SilkTide + Dashlane not ok…

I just go incognito when I need to edit Umbraco 16 sites, but it’s a pain as I then have to remember my password to Umbraco Cloud…