How can I fix the BOOMr code error in my website header?

Technical Q&A

Topic summary

Problem: Persistent “BOOMR” script error appearing in the site header, despite theme changes, header/main file checks, and reverting recent app changes. The snippet shown matches the Boomerang (performance monitoring) loader code, unexpectedly injected into the page.

Key observations:

  • Local environment suspicion: The code may be injected by software on the user’s machine rather than the site’s theme or apps.
  • Security scans: Multiple spyware tools found nothing for one participant, but manual review uncovered an unexpected program.

Recent update/resolution:

  • Root cause identified as a locally installed app named “SurftoEarn,” installed the same day the issue began.
  • Removing SurftoEarn immediately resolved the header code injection.

Recommended actions:

  • Check installed programs and browser extensions for recent additions (on the date the issue started), including “SurftoEarn” or similar adware.
  • Remove suspicious software and retest.

Status: Likely resolved by removing local adware; no site-side code change required. Unanswered: Exact source of the SurftoEarn installation remains unknown.

Summarized with AI on December 25. AI used: gpt-5.
1

I have tried the solutions listed in some of the other Q&A regarding this topic. I changed the theme, looked in the header and main theme files for the error, and reverted back some apps. Still this header error persists:

"); } else { win._boomrl = function() { bootstrap(); }; if (win.addEventListener) { win.addEventListener(“load”, win._boomrl, false); } else if (win.attachEvent) { win.attachEvent(“onload”, win._boomrl); } } doc.close(); } var link = document.createElement(“link”); if (link.relList && typeof link.relList.supports === “function” && link.relList.supports(“preload”) && (“as” in link)) { window.BOOMR.snippetMethod = “p”; link.href = window.BOOMR.url; link.rel = “preload”; link.as = “script”; link.addEventListener(“load”, promote); link.addEventListener(“error”, function() { iframeLoader(true); }); setTimeout(function() { if (!promoted) { iframeLoader(true); } }, LOADER_TIMEOUT); BOOMR_lstart = new Date().getTime(); parentNode.appendChild(link); } else { iframeLoader(false); } function boomerangSaveLoadTime(e) { window.BOOMR_onload = (e && e.timeStamp) || new Date().getTime(); } if (window.addEventListener) { window.addEventListener(“load”, boomerangSaveLoadTime, false); } else if (window.attachEvent) { window.attachEvent(“onload”, boomerangSaveLoadTime); } if (document.addEventListener) { document.addEventListener(“onBoomerangLoaded”, function(e) { e.detail.BOOMR.init({ ResourceTiming: { enabled: true, trackedResourceTypes: [“script”, “img”, “css”] }, }); e.detail.BOOMR.t_end = new Date().getTime(); }); } else if (document.attachEvent) { document.attachEvent(“onpropertychange”, function(e) { if (!e) e=event; if (e.propertyName === “onBoomerangLoaded”) { e.detail.BOOMR.init({ ResourceTiming: { enabled: true, trackedResourceTypes: [“script”, “img”, “css”] }, }); e.detail.BOOMR.t_end = new Date().getTime(); } }); } })();

Pleas

2

Ran 4 different spyware apps on my system. None found anything. Finally discovered there was an app called SurftoEarn installed on my pc the day the problem started. Not sure where it came from. Definitely didn’t knowingly download it. Once removed, the issue went away. Check to see if you have that app or something else installed the day the problem started for you.