https://takao.blog/en/tags/integrity/Recent content in Integrity on Commentary of TakaoHugo -- gohugo.ioenCommentary of TakaoSat, 13 Jun 2026 23:11:50 +0900https://takao.blog/en/web/subresource-integrity/Fri, 20 Dec 2024 00:00:00 +0900https://takao.blog/en/web/subresource-integrity/<img src="https://takao.blog/img/thumnail.webp" alt="Featured image of post Subresource Integrity: Protecting Your CDN Dependencies" /><p>Subresource Integrity (SRI) is a security feature that lets browsers verify that resources fetched from CDNs or third-party origins have not been tampered with. In an era of supply chain attacks — the British Airways Magecart breach, the Polyfill.io compromise, and numerous CDN incidents — SRI provides cryptographic assurance that the resource your page loads is exactly what you intended.</p> <h2 id="how-sri-works">How SRI Works </h2><p>When you add an <code>integrity</code> attribute to a <code>&lt;script&gt;</code> or <code>&lt;link rel=&quot;stylesheet&quot;&gt;</code> tag, the browser computes the hash of the fetched resource and compares it to the attribute value. If they don&rsquo;t match, the browser refuses to execute or apply the resource.</p>