Subresource Integrity (SRI)

Subresource Integrity (SRI)

๐Ÿ“Œ Subresource Integrity (SRI) Summary

Subresource Integrity (SRI) is a security feature that helps ensure files loaded from third-party sources, such as JavaScript libraries or stylesheets, have not been tampered with. It works by allowing website developers to provide a cryptographic hash of the file they expect to load. When the browser fetches the file, it checks the hash. If the file does not match, the browser refuses to use it. This helps protect users from malicious code being injected into trusted libraries or resources.

๐Ÿ™‹๐Ÿปโ€โ™‚๏ธ Explain Subresource Integrity (SRI) Simply

Imagine you order a new phone online and the shop tells you the exact weight it should be. When it arrives, you weigh it. If the weight is wrong, you know something is off and do not use it. SRI works the same way for website files, checking that what you get is exactly what you expected.

๐Ÿ“… How Can it be used?

Subresource Integrity can be used to secure third-party scripts on your website, preventing compromised files from running.

๐Ÿ—บ๏ธ Real World Examples

A web developer links to a popular JavaScript library like jQuery from a CDN. They add an SRI hash to the script tag. If an attacker tries to alter the library on the CDN, the browser detects the change and blocks the script, keeping the website safe.

A company embeds a CSS framework from an external source in its customer portal. By including an SRI attribute with the correct hash, the browser ensures the stylesheet has not been modified before applying it, protecting the site’s appearance and user experience.

โœ… FAQ

What is Subresource Integrity and why is it important for websites?

Subresource Integrity, or SRI, is a way to make sure that files like scripts and stylesheets loaded from other websites have not been changed by anyone with bad intentions. It helps protect both the website and its visitors from harmful code by checking if the file matches a known signature. If something is not right, the browser will block the file, keeping the site safer.

How does Subresource Integrity work when loading third-party scripts?

When you use SRI, you add a special code called a hash to your script or link tag. This hash is like a fingerprint for the file. The browser checks the downloaded file against this fingerprint. If everything matches, the file loads as normal. If it does not, the browser will stop the file from running, so only safe files are used.

Do I need to update the SRI hash if the third-party file changes?

Yes, you do. If the file you are linking to is updated or changed, its fingerprint will also change. You will need to update the SRI hash in your website code so that the browser knows what to expect. If you forget, the browser will block the file because it thinks something might be wrong.

๐Ÿ“š Categories

๐Ÿ”— External Reference Links

Subresource Integrity (SRI) link

Ready to Transform, and Optimise?

At EfficiencyAI, we donโ€™t just understand technology โ€” we understand how it impacts real business operations. Our consultants have delivered global transformation programmes, run strategic workshops, and helped organisations improve processes, automate workflows, and drive measurable results.

Whether you're exploring AI, automation, or data strategy, we bring the experience to guide you from challenge to solution.

Letโ€™s talk about whatโ€™s next for your organisation.

๐Ÿ’กOther Useful Knowledge Cards

Balanced Scorecard

A Balanced Scorecard is a management tool that helps organisations track and measure their performance from several different perspectives, not just financial results. It typically includes four key areas: financial, customer, internal processes, and learning and growth. By using this approach, businesses can get a more complete picture of how well they are meeting their goals and where improvements are needed.

Penetration Testing Framework

A penetration testing framework is a structured set of guidelines, tools and processes used to plan and carry out security tests on computer systems, networks or applications. It provides a consistent approach for ethical hackers to identify vulnerabilities by simulating attacks. This helps organisations find and fix security weaknesses before malicious attackers can exploit them.

Blockchain-AI Integration

Blockchain-AI integration refers to the use of blockchain technology together with artificial intelligence to create systems that are secure, transparent, and efficient. Blockchain provides a secure way to store and share data, while AI can analyse and make decisions based on that data. By combining them, organisations can ensure that AI models work with trustworthy information and that decisions are traceable.

Knowledge Tracing

Knowledge tracing is a technique used to monitor and predict a learner's understanding of specific topics or skills over time. It uses data from quizzes, homework, and other activities to estimate how much a student knows and how likely they are to answer future questions correctly. This helps teachers and learning systems personalise instruction to each student's needs and progress.

Chainlink VRF

Chainlink VRF, or Verifiable Random Function, is a blockchain technology that provides provably fair and tamper-proof random numbers. It is often used in smart contracts that require trusted random outcomes, such as games or lotteries. By using Chainlink VRF, developers can ensure that the random numbers used in their applications are both secure and verifiable by anyone.