Application

Subresource Integrity

A W3C feature that lets you pin a hash of a remote JS / CSS asset in your HTML. The browser fetches the asset, hashes it, and rejects the load if the hash doesn’t match. Effective defense against a CDN getting tampered with mid-transit.

File content

Paste the exact bytes of the file you’re including. The integrity hash is computed over what your browser would download , one byte different and the hash fails.

Algorithm

integrity attribute value

…

Full <script> tag

SRI in one paragraph

Subresource Integrity (W3C) lets you pin a hash of a remote asset in HTML. The browser fetches the resource, hashes it, and compares against the integrityattribute. If they don’t match, the resource is rejected. SHA-384 is the W3C-recommended algorithm; SHA-256 and SHA-512 are also accepted. Multiple hashes separated by spaces are allowed (any matching one passes).