← Cybersecurity Alphabet Soup

SRI

Subresource Integrity

appsechard

SRI lets a web page include a cryptographic hash on script and stylesheet tags so the browser verifies that files fetched from a CDN have not been tampered with. If the fetched file does not match the hash, the browser refuses to execute it. It is added during implementation and protects against supply chain attacks where a third-party host is compromised.

Sources

More in appsec