SRI (Subresource Integrity) protects against CDN compromise. In <script src="..." integrity="sha384-..."> the integrity attribute contains a hash of the expected content. If the CDN swaps the file (supply-chain attack), the hash mismatches and the browser refuses to execute. Mandatory for all external CDN resources.
Free online tool — website security scanner: instant results, no signup.
SRI (Subresource Integrity) protects against CDN compromise. In <script src="..." integrity="sha384-..."> the integrity attribute contains a hash of the expected content. If the CDN swaps the file (supply-chain attack), the hash mismatches and the browser refuses to execute. Mandatory for all external CDN resources.
Subresource Integrity (SRI) is a security feature that enables browsers to verify that files hosted on third-party servers have not been manipulated. When a web page references an external script or stylesheet, it can include an integrity attribute, which contains a cryptographic hash of the file's expected content. This hash is computed using a secure hashing algorithm like SHA-256, SHA-384, or SHA-512.
When the browser fetches the resource, it computes the hash of the downloaded file and compares it with the hash provided in the integrity attribute. If the hashes do not match, the browser will refuse to execute the file, thereby preventing potential supply-chain attacks where an attacker compromises a Content Delivery Network (CDN) to deliver malicious content.
To implement SRI, you can use the following syntax:
<script src="https://cdn.example.com/library.js" integrity="sha384-abc123..." crossorigin="anonymous"></script>The crossorigin attribute is also crucial for SRI as it specifies how the browser should handle CORS (Cross-Origin Resource Sharing) requests.
Implementing Subresource Integrity (SRI) effectively requires adherence to several best practices to maximize security:
integrity attribute accordingly. This prevents mismatches that could lead to broken functionality.By following these best practices, web developers can significantly reduce the risk of supply-chain attacks and ensure that their applications are secure.
To integrate Subresource Integrity (SRI) into your web project, follow these steps:
openssl to generate the hash for each file. For example:openssl dgst -sha384 -binary library.js | openssl base64 -AThis command computes the SHA-384 hash of library.js and encodes it in base64 format.
<script src="https://cdn.example.com/library.js" integrity="sha384-" crossorigin="anonymous"></script> Following these steps will ensure your web application is safeguarded against supply-chain attacks through effective use of SRI.
The tool checks HTTP security headers, SSL/TLS configuration, server info leaks, and protection against common attacks (XSS, clickjacking, MIME sniffing). A grade fromA to F shows overall security level.
Checking Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and more.
TLS version, certificate expiry, chain of trust, HSTS support.
Finding exposed server versions, debug modes, open configs, and directories.
Detailed report explaining each issue with specific steps to fix it.
HTTP header audit
config verification
CSP & HSTS setup
compliance checks
Strict-Transport-Security.Server: Apache/2.4.52 helps attackers find exploits. Hide the version.DENY or SAMEORIGIN.nosniff, browsers may misinterpret file types (MIME sniffing).Content-Security-Policy-Report-Only, monitor violations, then enforce.Server, X-Powered-By, X-AspNet-Version from responses.Security check history and HTTP security header monitoring.
Sign up freeSee the use-case section above. For a quick check, use our online form.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.