Subresource Integrity
Subresource Integrity (SRI) is a security feature that enables web browsers to verify that resources they fetch (e.g., scripts or stylesheets from a Content Delivery Network) are delivered without unexpected manipulation. It works by allowing developers to include a cryptographic hash of the expected resource in the HTML, which the browser compares against the fetched file. This helps prevent attacks where a third-party resource is compromised and serves malicious content.
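The hash comparison described above, written out for Node.js as an added example (not code from the original page). The function names, the sample file contents and the `cdn.example` URL are constructed for illustration; the check follows the browser rule that only the strongest algorithm listed in the `integrity` attribute is enforced.

```javascript
// Added example: SRI hash generation and browser-style verification (Node.js).
const crypto = require('crypto');

// Algorithms the SRI specification defines, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build the value for the integrity attribute from the exact resource bytes.
function sriHash(bytes, alg = 'sha384') {
  if (!STRENGTH.includes(alg)) throw new Error(`unsupported algorithm: ${alg}`);
  return `${alg}-${crypto.createHash(alg).update(bytes).digest('base64')}`;
}

// Parse integrity metadata: whitespace-separated "alg-base64[?options]" tokens.
// Unknown algorithms and malformed tokens are skipped.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/_-]+={0,2})(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// Decide as a browser would: only the strongest algorithm listed counts,
// and the resource passes if it matches any digest for that algorithm.
function verifyIntegrity(bytes, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // no usable metadata: nothing to enforce
  const strongest = entries.reduce((a, b) =>
    STRENGTH.indexOf(b.alg) > STRENGTH.indexOf(a.alg) ? b : a).alg;
  const actual = crypto.createHash(strongest).update(bytes).digest();
  return entries.filter((e) => e.alg === strongest).some((e) => {
    const expected = Buffer.from(e.digest, 'base64');
    return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
  });
}

// Constructed sample: a library file as published, and a tampered copy.
const original = Buffer.from('window.lib = { version: "1.0.0" };\n');
const tampered = Buffer.from('window.lib = { version: "1.0.0" }; /* injected */\n');
const integrity = sriHash(original);

console.log(`<script src="https://cdn.example/lib.js" integrity="${integrity}" crossorigin="anonymous"></script>`);
console.log('original passes:', verifyIntegrity(original, integrity));
console.log('tampered passes:', verifyIntegrity(tampered, integrity));
```

An `integrity` value with no recognised algorithm is ignored rather than failed, so a typo in the algorithm prefix silently disables the check.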
Developers should use SRI when loading external resources from CDNs or third-party services to ensure integrity and protect against supply-chain attacks, such as when a CDN is hacked or a library is tampered with. It is particularly critical for security-sensitive applications like banking sites, e-commerce platforms, or any site handling user data, as it mitigates risks from man-in-the-middle attacks or compromised dependencies.