
Subresource Integrity

What is it

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

When to use it

Every time you use an external <script> or <link> resource.

How to learn it

Learn about Subresource Integrity and its W3C specification.

How to use it

Most CDNs provide a copy-paste-ready snippet like the one below:

<link
  rel="stylesheet"
  href="https://cdn<...>otstrap.min.css"
  integrity="sha384-gH<...>Bx"
  crossorigin="anonymous"
/>

You could also use a small helper script called SRI Checker to help you fix existing code.

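Make sure to add the crossorigin attribute with anonymous as its value. The browser can only run the integrity check on a cross-origin resource when it is fetched with CORS.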
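
To show what the integrity value contains and how it is matched, here is an added example in Node.js (not code from the original page or from any CDN). The names sriHash, verifySri and SAMPLE are assumptions made for illustration, and the sample script body is constructed. The check follows the W3C matching rules: unknown algorithms are ignored and only the strongest algorithm listed is compared.

```javascript
// Added example: build and check SRI integrity values with Node's crypto module.
const { createHash } = require('node:crypto');

// Hash algorithms SRI accepts, ordered weakest to strongest.
const ALGS = ['sha256', 'sha384', 'sha512'];

// Base64 digest of the exact bytes that will be served.
const b64 = (alg, body) => createHash(alg).update(body).digest('base64');

// Value for the integrity attribute: "<alg>-<base64 digest>".
function sriHash(body, alg = 'sha384') {
  if (!ALGS.includes(alg)) throw new Error(`unsupported algorithm: ${alg}`);
  return `${alg}-${b64(alg, body)}`;
}

// Mirror the browser-side check on a fetched body.
function verifySri(body, integrity) {
  const parsed = integrity.trim().split(/\s+/)
    .map((token) => {
      // Tokens with an unknown algorithm or malformed digest are skipped.
      const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?\S*)?$/.exec(token);
      return m && { alg: m[1], digest: m[2] };
    })
    .filter(Boolean);
  // No usable metadata means no integrity requirement is enforced.
  if (parsed.length === 0) return true;
  // Only the strongest algorithm present is checked; weaker hashes are ignored.
  const strongest = parsed
    .map((p) => p.alg)
    .reduce((a, b) => (ALGS.indexOf(b) > ALGS.indexOf(a) ? b : a));
  const actual = b64(strongest, body);
  return parsed.some((p) => p.alg === strongest && p.digest === actual);
}

// Constructed sample standing in for a file hosted on a CDN.
const SAMPLE = Buffer.from('console.log("lib v1");\n');
const integrity = sriHash(SAMPLE);
console.log(`integrity="${integrity}" crossorigin="anonymous"`);
console.log('unchanged file passes:', verifySri(SAMPLE, integrity));
console.log('modified file passes:',
  verifySri(Buffer.from('console.log("lib v1 modified");\n'), integrity));
```

Because an attribute with no recognised hash is treated as "no requirement", a typo in the algorithm name silently disables the check, so confirm the value a build step emits.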