Subresource Integrity is Missing

Impact: Low

Description

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match. (Source: Mozilla)

Recommendation

Add a base64-encoded hash of the resource in the value of the integrity attribute of the <script> or <link> element. You can ask the resource provider for the hash of the file or calculate it on your own. Please see the references for details.
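
One way to calculate the hash on your own and to re-check a value that is already deployed. This is an added example, not SmartScanner's code; the sample script bytes, the cdn.example.com URL and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import html

# Hash algorithms defined for SRI, ordered weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")

# Constructed stand-in for a third-party script's bytes.
SAMPLE_JS = b"console.log('widget loaded');\n"


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Build an integrity value: '<algorithm>-<base64 of the raw digest>'."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(url: str, content: bytes) -> str:
    """Render a <script> element pinned to the given bytes.

    crossorigin is included because a cross-origin resource must be
    fetched with CORS for the browser to be able to check its hash.
    """
    return (f'<script src="{html.escape(url, quote=True)}" '
            f'integrity="{sri_hash(content)}" crossorigin="anonymous"></script>')


def verify_integrity(content: bytes, integrity: str) -> bool:
    """Check bytes against an integrity value as a browser would: only the
    strongest algorithm present counts, and any one matching hash passes."""
    by_algorithm = {}
    for token in integrity.split():
        algorithm, sep, rest = token.partition("-")
        if sep and algorithm in SRI_ALGORITHMS:
            # Drop an optional '?options' suffix; skip unknown tokens.
            by_algorithm.setdefault(algorithm, []).append(rest.split("?", 1)[0])
    if not by_algorithm:
        # No usable hash means nothing is enforced; report it as a failure.
        return False
    strongest = max(by_algorithm, key=SRI_ALGORITHMS.index)
    actual = sri_hash(content, strongest).split("-", 1)[1]
    return actual in by_algorithm[strongest]


if __name__ == "__main__":
    # cdn.example.com is a placeholder URL, not taken from the page.
    print(script_tag("https://cdn.example.com/widget.js", SAMPLE_JS))
```

Recompute the value whenever the pinned file changes; a stale hash makes the browser refuse to load the resource.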

References

Last updated on September 05, 2021
