High Risk

Missing Subresource Integrity

External JavaScript or CSS resources are loaded without Subresource Integrity (SRI) hashes.

Why This Matters

Without SRI, if a CDN is compromised, attackers can inject malicious code that will be executed by browsers. SRI ensures that only the expected content is loaded.

How to Fix
Framework-specific solutions and general best practices

Add integrity and crossorigin attributes to all external script and link tags. Generate hashes using tools like 'openssl dgst -sha384 -binary file.js | openssl base64 -A'.
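An added example, not part of the original entry or of the scanner's own code: a small audit that flags cross-origin script and stylesheet tags lacking the integrity or crossorigin attribute, plus a helper producing the same value as the openssl command above with the `sha384-` prefix the attribute expects. The names `sri_hash`, `SRIAudit` and `audit`, and the `.example` hosts in the sample page, are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(content: bytes) -> str:
    """Integrity value: 'sha384-' + base64 of the raw SHA-384 digest."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


class SRIAudit(HTMLParser):
    """Flags cross-origin <script src> / <link rel=stylesheet> tags without SRI."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # (tag, url, problem)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split()
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        host = urlparse(url or "").netloc  # empty for inline or relative URLs
        if not host or host == self.page_host:
            return  # same-origin or inline: not covered by this check
        if not a.get("integrity"):
            self.findings.append((tag, url, "missing integrity"))
        elif "crossorigin" not in a:
            self.findings.append((tag, url, "missing crossorigin"))


def audit(html, page_host):
    parser = SRIAudit(page_host)
    parser.feed(html)
    return parser.findings


# Constructed sample page; hosts, paths and hash values are placeholders.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.example/lib.js"></script>
<link rel="stylesheet" href="https://cdn.example/lib.css" integrity="sha384-PLACEHOLDER">
<script src="https://cdn.example/ok.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, "www.example"):
        print(finding)
```

The hash must be regenerated whenever the pinned file changes, so pin a specific version of the external resource rather than a moving "latest" URL.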

Quick Reference

Severity: High Risk
ID: missing_sri

AI Assistant Prompt

Copy this prompt to ask an AI for help fixing this vulnerability:

Please fix the "Missing Subresource Integrity" security vulnerability in this web application.

The issue is: External JavaScript or CSS resources are loaded without Subresource Integrity (SRI) hashes.

Make a plan and implement based on my project.
    SecureNow - Protect Your Websites in minutes, not days