Skip to main content

Subresource Integrity

What is it

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

When to use it

Everytime you use external <script> or <link> resource

How to learn it

Learn about Subresource Integrity and its W3C specification.

How to use it

Most CDNs will provide you a copy-paste ready code snippet like in the example below:


You could also use a small helper script called SRI Checker to help you fix existing code.

Make sure to add crossorigin attribute with anonymous as a value.