Web SecurityAlso called: "sri hash", "integrity hash"
SRI uses cryptographic hashes to ensure third-party resources match expected content.
How it works
- Add integrity attribute to
- Browser downloads the resource and computes its hash.
- If hash matches, resource loads; if not, browser blocks it.
Example
<script src="https://cdn.example.com/library.js"
integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
crossorigin="anonymous"></script>
Benefits
- Prevent supply chain attacks via compromised CDNs.
- Detect unauthorized modifications to third-party scripts.
- Meet security requirements for frameworks like PCI DSS.
Explore More Web Security
View all termsCross-Site Request Forgery (CSRF)
An attack that tricks a victim into submitting unauthorized requests using their authenticated session.
Read more →Cross-Site Scripting (XSS)
A web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
Read more →HTML Entity Encoding
A method of representing special characters in HTML using named or numeric references to prevent interpretation as code.
Read more →HTTP Cookie
Small pieces of data stored by web browsers, used for session management, personalization, and tracking.
Read more →HTTP Security Headers
Response headers that enable browser security protections against common web attacks.
Read more →JSON Web Token (JWT)
A compact, URL-safe token format used to securely transmit claims between parties in web applications.
Read more →