Possible unavoidable GT Standard (“shoplift”) font injection on storefront pages via Shopify Shop / Shop Pay runtime

Preface

Based on our investigation, we believe the behavior described below is expected Shopify platform behavior, but we are very open to being proven wrong. We’re submitting this to confirm whether our understanding is correct, and to see whether other merchants have encountered the same scenario or whether there is a supported way to control this.

Summary

We believe that Shopify is injecting GT Standard fonts (/shop-assets/static_uploads/shoplift/GTStandard-*.woff2) into storefront product pages via an inline <style data-description="gravity-font-faces"> block, even when dynamic checkout buttons and payment terms are disabled.

So far, we have not found a way to prevent this via theme customization or app configuration, but we would appreciate confirmation or correction if there is a supported approach.

Affected URLs (example)

https://qualityliquorstore.com/collections/limited-edition/products/jack-daniels-x-mclaren-whiskey

What appears to be happening

An inline server-side style block is present in the page <head>:

<style data-description="gravity-font-faces">
  @font-face {
    font-family: 'GTStandard-M';
    src: url('https://cdn.shopify.com/shop-assets/static_uploads/shoplift/GTStandard-MRegular.woff2') format('woff2');
  }
  ...
</style>

This results in the following font files being requested:

• GTStandard-MRegular.woff2

• GTStandard-MMedium.woff2

• GTStandard-MSemibold.woff2

All served from:

https://cdn.shopify.com/shop-assets/static_uploads/shoplift/

Why we believe this is platform-level behavior

From our testing so far:

• The font-face block does not exist in:

  • theme.liquid

  • sections

  • snippets

  • assets

• It is not initiated by JavaScript (confirmed via HAR analysis)

• HAR initiator indicates the request originates from HTML parsing (server-side)

• The behavior is reproducible in:

  • incognito sessions

  • cache-disabled reloads

  • after removing {{ form | payment_terms }}

  • with dynamic checkout buttons disabled

We also see Shopify Shop / Shop Pay runtime components on the page, including:

• shop.app preconnect

• window.ShopifyPay.apiHost = "shop.app/pay"

• <shop-cart-sync> element

• client.init-shop-cart-sync… module

This led us to believe the font injection may be associated with Shop / Shop Pay infrastructure rather than the theme or app code.

Impact

• PageSpeed Insights flags these font requests as unnecessary/unavoidable

• There does not appear to be a merchant-controlled opt-out

• This makes storefront performance optimization more difficult

• We want to confirm whether this is expected behavior or a misconfiguration on our side

What we’re hoping to confirm

We would really appreciate clarification on one of the following:

1. Whether this behavior is expected when Shop / Shop Pay runtime is active

2. Whether there is a supported way to disable or defer GT Standard font injection

3. Whether other merchants have reported similar findings

Evidence available

• HAR file showing font initiator = HTML parser

• Incognito “View Source” HTML confirming inline injection

• PageSpeed Insights report flagging /shoplift/GTStandard*.woff2

Closing

Again, this reflects our current understanding based on testing, and we’re very happy to be corrected if there’s a supported configuration or best practice we’ve missed. Thanks in advance for any guidance or confirmation.

Yes, they load the font you did not ask for.

This is the font they use for shop-pay and other “Shop”-related popups, etc.
It’s loaded from the <style> tag created by JS code injected as part of the context_for_header variable.

The code uses .appendChild method, so if absolutely necessary one can overload this method to check what’s being added and skip…

Or, create a <style data-description="gravity-font-faces"> element in head and the JS code will not add it:

const Bo = "gravity-font-faces"
  , Ho = ({authorizeStateEnabled: e=!0, children: n, devMode: o=!1, element: r, featureName: i, getFeatureDictionary: s, metricsEnabled: l=!0, monorailProps: c, overrideLocale: d}) => {
  Me(( () => {
    if (t.querySelector(`style[data-description="${Bo}"]`))
      return;
    const e = t.createElement("style");
    e.dataset.description = Bo,
    e.appendChild(t.createTextNode("\n@font-face {\n  font-family: 'GTStandard-M';\n   . . .")),
    t.head.appendChild(e)
  }
  ), []);

@Michael-Thomas I’ve seen the same behavior on several stores. From what I can tell, the GT Standard font block comes from the Shop/Shop Pay runtime layer, not the theme. It loads even with dynamic checkout buttons and payment terms disabled, which matches your findings.

So far I also haven’t found a merchant-side opt-out or a theme setting to remove those font declarations. PageSpeed flags them as render-blocking. Hoping Shopify can confirm whether this is intended and whether there’s a supported way to disable or defer the font injection for performance reasons.