Description
Subresource Integrity (SRI) is a security feature that allows browsers to verify that resources they fetch (for example, from a content delivery network (CDN)) are delivered without unexpected manipulation. It achieves this by enabling you to provide a cryptographic hash that the fetched resource must match.
Recommendation
To enhance security, add a base64-encoded hash of the resource in the value of the integrity attribute of the <script> or <link> element. You can obtain the hash from the resource provider or calculate it yourself. See references for details.
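One way to calculate the hash yourself and check a resource against an integrity value, written for Node.js. This is an added example, not code from the original page; the function names are hypothetical, and the file contents and the https://cdn.example/lib.js URL are constructed placeholders.

```javascript
const crypto = require('crypto');

// Base64 of the raw digest, which is the form the integrity attribute expects.
function digest(content, algo) {
  return crypto.createHash(algo).update(content).digest('base64');
}

// Build one integrity token: "<algo>-<base64 digest>".
function sriHash(content, algo = 'sha384') {
  if (!['sha256', 'sha384', 'sha512'].includes(algo)) throw new Error(`unsupported: ${algo}`);
  return `${algo}-${digest(content, algo)}`;
}

// Render a <script> element pinned to the given content. Cross-origin resources
// must be fetched with CORS for the check to pass, hence crossorigin.
// Assumes url is a trusted build-time constant (it is not escaped here).
function scriptTag(url, content) {
  return `<script src="${url}" integrity="${sriHash(content)}" crossorigin="anonymous"></script>`;
}

// Check content against an integrity value the way a browser does: tokens are
// whitespace-separated, unrecognised tokens are ignored, and only hashes of
// the strongest algorithm present are compared.
function verifyIntegrity(content, integrity) {
  const order = ['sha256', 'sha384', 'sha512']; // weakest to strongest
  const tokens = integrity.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(\?.*)?$/.exec(t))
    .filter(Boolean)
    .map((m) => ({ algo: m[1], hash: m[2] }));
  if (tokens.length === 0) return true; // no usable metadata: nothing is enforced
  const strongest = tokens
    .map((t) => t.algo)
    .reduce((a, b) => (order.indexOf(b) > order.indexOf(a) ? b : a));
  const expected = digest(content, strongest);
  return tokens.some((t) => t.algo === strongest && t.hash === expected);
}

// Constructed sample: a library file and a modified copy of it.
const original = Buffer.from('window.lib = { version: "1.0.0" };\n');
const tampered = Buffer.from('window.lib = { version: "1.0.0" }; /* changed */\n');
const pinned = sriHash(original);

function demo() {
  return {
    tag: scriptTag('https://cdn.example/lib.js', original), // placeholder URL
    originalOk: verifyIntegrity(original, pinned),
    tamperedOk: verifyIntegrity(tampered, pinned),
  };
}

console.log(demo());
```

An integrity value with no recognised token is treated as absent rather than as a failure, so a typo in the algorithm prefix silently disables the check; validating the attribute at build time catches this.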
References
Related Issues
- Content-Security-Policy Header is Missing - Vulnerability
- Referrer-Policy Header is Missing - Vulnerability
- Strict-Transport-Security Header is Missing - Vulnerability
- X-Content-Type-Options Header is Missing - Vulnerability
Tags: Subresource Integrity
Last updated on May 13, 2024