What is Subresource Integrity?
SRI is a new W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.
Learn more about how to use subresource integrity on MDN.
How is Subresource Integrity different to HTTPS?
TLS ensures that the connection between the browser and the server is secure. The resource itself may still be modified server-side by an attacker to include malicious content, yet still be served with a valid TLS certificate. SRI, on the other hand, guarantees that a resource hasn't changed since it was hashed by a web author.
How can I generate Integrity hashes?
Use the generator above or the following shell command:
openssl dgst -sha384 -binary FILENAME.js | openssl base64 -A
Test your browser
Both Chrome and Firefox support SRI.
Check out SRI on caniuse.com to see specific browser version support information.
To fully test your browser for subresource integrity support, please open this page.
Your browser supports SRI
Your browser does not support SRI