Subresource Integrity
What is it
Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
When to use it
Every time you use an external <script> or <link> resource.
How to learn it
Learn about Subresource Integrity and its W3C specification.
How to use it
Most CDNs provide a copy-and-paste ready snippet like the example below:
<link
  rel="stylesheet"
  href="https://cdn<...>otstrap.min.css"
  integrity="sha384-gH<...>Bx"
  crossorigin="anonymous"
/>
You could also use a small helper script called SRI Checker to help you fix existing code.
Make sure to add the crossorigin attribute with anonymous as its value: for a cross-origin resource the browser can only hash a CORS-enabled response, and an opaque (non-CORS) response fails the integrity check and is not loaded.
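The check described above, as an added example that is not part of the original page or of any CDN's tooling: it generates the integrity value for a resource body and then emulates the browser-side comparison, including the rule that only tokens with the strongest listed algorithm count. The sample CSS and the function names are constructed for this illustration.

```python
import base64
import hashlib

# Sample stylesheet body, constructed for this example (not a real CDN file).
SAMPLE_CSS = b"body { margin: 0; font-family: sans-serif; }\n"

# Algorithms SRI accepts, ordered weakest to strongest; browsers ignore
# anything else (md5, sha1, unknown names) as if it were not listed.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def integrity_value(content: bytes, algorithm: str = "sha384") -> str:
    """Return an SRI token '<alg>-<base64 digest>' over the raw resource bytes."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def integrity_matches(content: bytes, integrity: str) -> bool:
    """Emulate the browser check for one fetched resource.

    The integrity attribute may hold several space-separated tokens. Only the
    tokens using the strongest recognised algorithm are considered, and the
    resource is accepted if any of them matches the fetched bytes. If no
    token is recognised the attribute is treated as absent, so the resource
    loads unchecked (which is why typos in the algorithm name are dangerous).
    """
    parsed = []
    for token in integrity.split():
        alg, _, value = token.partition("-")
        value = value.split("?", 1)[0]  # strip an optional "?options" suffix
        if alg in SRI_ALGORITHMS and value:
            parsed.append((alg, value))
    if not parsed:
        return True
    strongest = max(parsed, key=lambda p: SRI_ALGORITHMS.index(p[0]))[0]
    expected = {v for a, v in parsed if a == strongest}
    actual = integrity_value(content, strongest).split("-", 1)[1]
    return actual in expected


if __name__ == "__main__":
    token = integrity_value(SAMPLE_CSS)
    print(f'integrity="{token}"')
    print("untouched resource accepted:", integrity_matches(SAMPLE_CSS, token))
    print("modified resource accepted:", integrity_matches(SAMPLE_CSS + b"/*x*/", token))
```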