External calls to googleapis.com sites

Hi guys,
I am pretty new to metabase and I am wondering about one aspect (did not find any results on this forum nor on Google):
While using the Metabase-Frontend, I realized calls to “fonts.googleapis.com” and “ajax.googleapis.com”.
My question(s) now:
Can they be disabled somehow?
What would happen, if such calls would not succeed/be blocked?

Thx and best regards,


Adding some additional background to this: in many data centers (Germans are data security maniacs :wink: ) AJAX calls to the public web are strictly forbidden either on organizational level (you are not allowed to deploy) or enforced via strict CSP security policies.

Fonts could be likely easily embedded and shipped with the application itself, not sure about those ajax.googleapis.com calls though. Any help/input appreciated.


1 Like

Hi @Tom_S
That is used for initializing the font-family Lato. If you block it, then the font would fall-back, since very few computers has the font available.
But it’s currently not something you can do with a simple toggle in the settings.

Hi @jza
To avoid duplicates, I’m just going to ask you. Can you create a new issue, which describes reasons for including the fonts and avoiding the two external JS calls?
And please post the link here.

Thanks for the infos flamber. Created https://github.com/metabase/metabase/issues/10682

1 Like

@jza Awesome. I already gave you the first :+1: - anyone else, upvote by clicking :+1: on the first post.