SubResource Integrity

SubResource Integrity (SRI) is a security feature that helps ensure the integrity of resources loaded by a web page. It allows browsers to verify that the resources they fetch (e.g., scripts, stylesheets) are delivered without unexpected manipulation.

How SRI Works

When using SRI, a cryptographic hash of the resource is included in the integrity attribute of the <script> or <link> tag. The browser fetches the resource and computes its hash, comparing it to the provided hash. If the hashes do not match, the browser blocks the resource from loading, ensuring that the content has not been tampered with.

Example Usage

Here is an example of how to use SRI with a script tag:

<script src="https://example.com/script.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxp1LzqW4=" crossorigin="anonymous"></script>

SubResource Integrity

How SRI Works​

Example Usage​

How SRI Works

Example Usage