Subresource Integrity (SRI) Summary
Subresource Integrity (SRI) is a security feature that helps ensure files loaded from third-party sources, such as JavaScript libraries or stylesheets, have not been tampered with. It works by allowing website developers to provide a cryptographic hash of the file they expect to load. When the browser fetches the file, it computes the hash of what it received and compares it with the expected one. If the two do not match, the browser refuses to use the file. This helps protect users from malicious code being injected into trusted libraries or resources.
Explain Subresource Integrity (SRI) Simply
Imagine you order a new phone online and the shop tells you the exact weight it should be. When it arrives, you weigh it. If the weight is wrong, you know something is off and do not use it. SRI works the same way for website files, checking that what you get is exactly what you expected.
How Can It Be Used?
Subresource Integrity can be used to secure third-party scripts on your website, preventing compromised files from running.
Real World Examples
A web developer links to a popular JavaScript library like jQuery from a CDN. They add an SRI hash to the script tag. If an attacker tries to alter the library on the CDN, the browser detects the change and blocks the script, keeping the website safe.
A company embeds a CSS framework from an external source in its customer portal. By including an SRI attribute with the correct hash, the browser ensures the stylesheet has not been modified before applying it, protecting the site’s appearance and user experience.
FAQ
What is Subresource Integrity and why is it important for websites?
Subresource Integrity, or SRI, is a way to make sure that files like scripts and stylesheets loaded from other websites have not been changed by anyone with bad intentions. It helps protect both the website and its visitors from harmful code by checking whether the file matches a known cryptographic hash. If it does not, the browser will block the file, keeping the site safer.
How does Subresource Integrity work when loading third-party scripts?
When you use SRI, you add a special code called a hash to your script or link tag. This hash is like a fingerprint for the file. The browser checks the downloaded file against this fingerprint. If everything matches, the file loads as normal. If it does not, the browser will stop the file from running, so only safe files are used.
Do I need to update the SRI hash if the third-party file changes?
Yes, you do. If the file you are linking to is updated or changed, its fingerprint will also change. You will need to update the SRI hash in your website code so that the browser knows what to expect. If you forget, the browser will block the file because it thinks something might be wrong.
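The hash-and-check cycle described in the answers above, as an added example in JavaScript for Node.js (not code from the original page). The function names, the sample file contents and the URL https://cdn.example/lib.js are constructed for illustration, and verifySri is a simplified model of the browser check. It also shows two deployment details: only the strongest listed algorithm is checked, and an unrecognised algorithm name leaves the file unchecked.

```javascript
// Added example (not from the original page). Runs under Node.js.
const crypto = require("node:crypto");

// Hash algorithms SRI accepts, ordered weakest to strongest.
const ALGS = ["sha256", "sha384", "sha512"];

// Compute the value for the integrity attribute: "<alg>-<base64 digest>".
function sriHash(body, alg = "sha384") {
  if (!ALGS.includes(alg)) throw new Error(`unsupported algorithm: ${alg}`);
  return `${alg}-${crypto.createHash(alg).update(body).digest("base64")}`;
}

// Simplified model of the browser-side check on the fetched bytes.
function verifySri(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((token) => {
      const dash = token.indexOf("-");
      return { alg: token.slice(0, dash), digest: token.slice(dash + 1) };
    })
    .filter((entry) => ALGS.includes(entry.alg));
  // Nothing recognisable (for example a misspelt algorithm): no check is applied.
  if (entries.length === 0) return true;
  // Only the strongest algorithm listed is used; weaker entries are ignored.
  const best = entries
    .reduce((a, b) => (ALGS.indexOf(b.alg) > ALGS.indexOf(a.alg) ? b : a)).alg;
  return entries
    .filter((entry) => entry.alg === best)
    .some((entry) => sriHash(body, best) === `${best}-${entry.digest}`);
}

// Emit the tag; crossorigin is needed for SRI on files from another origin.
function scriptTag(url, body) {
  const integrity = sriHash(body);
  return `<script src="${url}" integrity="${integrity}" crossorigin="anonymous"></script>`;
}

// Constructed sample data: a library as published, and the same file after a change.
const published = Buffer.from("function greet(){return 'hello';}\n");
const changed = Buffer.from("function greet(){return 'hello!';}\n");
const pinned = sriHash(published);

console.log(scriptTag("https://cdn.example/lib.js", published));
console.log("published file accepted:", verifySri(published, pinned));
console.log("changed file accepted:  ", verifySri(changed, pinned));
console.log("misspelt algorithm:     ", verifySri(changed, pinned.replace("sha384", "sha348")));
```

Because a misspelt algorithm name disables the check without any visible failure, it is worth testing a deployed tag against a deliberately altered copy of the file.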