Subresource Integrity is Missing
Impact: Low
Description
Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match. Moilla
Recommendation
Add a base64-encoded hash of the resource in the value of the integrity
attribute of the <script>
or <link>
element. You can ask the resource provider for the hash of the file or calculate it on your own. Please references for details.
References
👉 You might also like:
Content-Security-Policy Header is Missing - Vulnerability
Referrer-Policy Header is Missing - Vulnerability
Strict-Transport-Security Header is Missing - Vulnerability
X-Content-Type-Options Header is Missing - Vulnerability
Last updated on September 05, 2021