
Subresource Integrity is Missing

Impact: Low

Description

Subresource Integrity (SRI) is a security feature that lets browsers verify that the resources they fetch, for example from a content delivery network (CDN), are delivered without unexpected manipulation. It works by letting you provide a cryptographic hash that the fetched resource must match.

Recommendation

To enhance security, add a base64-encoded hash of the resource as the value of the integrity attribute of the <script> or <link> element. You can obtain the hash from the resource provider or calculate it yourself. See references for details.
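
The recommendation above as an added example (not code from this page or from SmartScanner): it calculates an integrity value for a file and lists third-party <script> and stylesheet <link> elements that have none. The function names, hosts and sample markup are assumptions constructed for illustration, and "third-party" is decided by hostname only.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_value(content: bytes, alg: str = "sha384") -> str:
    """Build an integrity attribute value: '<alg>-<base64 of raw digest>'."""
    if alg not in ("sha256", "sha384", "sha512"):  # hash functions SRI accepts
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


class _SRIAudit(HTMLParser):
    """Collect third-party script/stylesheet URLs that carry no integrity value."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host.lower()
        self.missing = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            url = a.get("src", "")
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            url = a.get("href", "")
        else:
            return
        host = urlparse(url).netloc.lower()  # empty for relative (same-site) URLs
        if host and host != self.page_host and not a.get("integrity", "").strip():
            self.missing.append(url)


def find_missing_sri(html: str, page_host: str) -> list:
    audit = _SRIAudit(page_host)
    audit.feed(html)
    return audit.missing


# Constructed sample: file body, hosts and markup are made up for illustration.
SAMPLE_JS = b"console.log('constructed sample library');\n"
SAMPLE_HTML = f"""<head>
<link rel="stylesheet" href="https://cdn.example.net/lib.css">
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.example.net/lib.js"
        integrity="{sri_value(SAMPLE_JS)}" crossorigin="anonymous"></script>
<script src="//cdn.example.net/other.js"></script>
</head>"""
```

The hash must be computed over the exact bytes the CDN serves, so pin the resource to a fixed version before publishing the value; any change to the file makes the browser refuse to load it.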

References

Last updated on May 13, 2024
