Question 1

What is Subresource Integrity (SRI)?

Accepted Answer

SRI is a security feature that allows browsers to verify that resources (scripts, stylesheets) haven't been modified. When you include an integrity hash, the browser checks the file matches before executing it, protecting against CDN compromises or man-in-the-middle attacks.

Question 2

Which hash algorithm should I use?

Accepted Answer

SHA-384 is recommended as the best balance of security and performance. SHA-256 is also secure but slightly weaker. SHA-512 provides the most security but is larger. All three are currently considered secure.

Question 3

When should I use SRI?

Accepted Answer

Use SRI whenever loading JavaScript or CSS from a CDN or third-party source. This includes libraries like jQuery, React, Bootstrap, Tailwind, or any analytics/tracking scripts. If the CDN is compromised, SRI prevents malicious code from running.

Question 4

What is the crossorigin attribute?

Accepted Answer

When using SRI with resources from other domains, you must include crossorigin='anonymous'. This enables CORS and allows the browser to perform the integrity check. Without it, the integrity attribute is ignored for cross-origin resources.

Question 5

Can I use multiple hashes?

Accepted Answer

Yes, you can include multiple hashes separated by spaces. The browser will accept the resource if ANY of the hashes match. This is useful when transitioning between file versions or supporting multiple valid versions.

SRI Hash Generator

Why Use Subresource Integrity?

CDN Protection

Tamper Detection

Supply Chain Security

Frequently Asked Questions

What is Subresource Integrity (SRI)?

Which hash algorithm should I use?

When should I use SRI?

What is the crossorigin attribute?

Can I use multiple hashes?

More Free Tools

Secure Your Entire App