Subresource Integrity (SRI) is a browser feature that lets a page verify that a fetched script or resource matches an expected cryptographic hash. It matters because third-party or externally hosted resources become risky if the site cannot verify what content is actually being loaded.
What is Subresource Integrity (SRI)?
With SRI, the page includes a hash for the expected resource. If the browser fetches content that does not match, it rejects it. This helps reduce the risk of loading tampered third-party scripts or altered hosted resources.
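The check described above, sketched as an added Node.js example (not code from this page): it builds an integrity value for a script and then applies the same comparison a browser makes to a reviewed and a modified copy. The function names, the sample script bodies and the cdn.example URL are constructed for illustration, and the example goes slightly beyond the text by handling an integrity value that lists several hashes.

```javascript
// Added example: a Node.js model of the SRI comparison a browser performs.
const nodeCrypto = require("crypto");

// Hash functions SRI accepts, ordered weakest to strongest.
const ALGORITHMS = ["sha256", "sha384", "sha512"];

function digestBase64(algorithm, body) {
  return nodeCrypto.createHash(algorithm).update(body).digest("base64");
}

// Build the value for an integrity attribute, e.g. "sha384-<base64 digest>".
function computeIntegrity(body, algorithm = "sha384") {
  return `${algorithm}-${digestBase64(algorithm, body)}`;
}

// Split an integrity value into {algorithm, digest} entries.
// Tokens with an unsupported algorithm or no digest are ignored.
function parseIntegrity(value) {
  const entries = [];
  for (const token of value.trim().split(/\s+/)) {
    const dash = token.indexOf("-");
    if (dash < 1) continue;
    const algorithm = token.slice(0, dash).toLowerCase();
    const digest = token.slice(dash + 1).split("?")[0]; // drop "?options"
    if (ALGORITHMS.includes(algorithm) && digest) entries.push({ algorithm, digest });
  }
  return entries;
}

// True when the body may be used. Only digests of the strongest listed
// algorithm count, so a weaker hash cannot be used to bypass a stronger one.
function verifyIntegrity(body, value) {
  const entries = parseIntegrity(value);
  if (entries.length === 0) return true; // nothing usable: no check is enforced
  const rank = Math.max(...entries.map((e) => ALGORITHMS.indexOf(e.algorithm)));
  const algorithm = ALGORITHMS[rank];
  const actual = digestBase64(algorithm, body);
  return entries.some((e) => e.algorithm === algorithm && e.digest === actual);
}

// Constructed sample data: the script the site reviewed and a modified copy.
const REVIEWED = "window.widget = { version: 1 };\n";
const TAMPERED = "window.widget = { version: 1, extra: true };\n";
const PINNED = computeIntegrity(REVIEWED);

console.log(`<script src="https://cdn.example/widget.js" integrity="${PINNED}" crossorigin="anonymous"></script>`);
console.log("reviewed copy accepted:", verifyIntegrity(REVIEWED, PINNED));
console.log("tampered copy accepted:", verifyIntegrity(TAMPERED, PINNED));
```

An integrity value with no supported algorithm enforces nothing, so a mistyped algorithm name silently disables the check; validate the attribute values as part of the build.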
What Subresource Integrity (SRI) Commonly Supports
Common uses include third-party script integrity, CDN resource verification, browser-side tamper detection, and safer external dependency loading.
Subresource Integrity (SRI) vs. Blind Third-Party Resource Trust
Blind trust loads the resource without verifying its exact content. SRI requires the fetched resource to match a known expected hash.
Frequently Asked Questions
Why is SRI useful?
SRI is useful because it helps detect tampering with external scripts and other browser-loaded assets.
Does SRI replace CSP?
No. They are complementary. CSP controls where content can load from, while SRI verifies the integrity of the content loaded.