Medium Risk
Wiki Entry
Untrusted CDN Resources
Your website loads JavaScript or CSS from untrusted or potentially malicious CDNs.
Why This Matters
Loading resources from untrusted sources can lead to supply chain attacks where attackers compromise the CDN to inject malicious code into your site.
How to Fix
Framework-specific solutions and general best practices
Only load resources from trusted CDNs like jsDelivr, cdnjs, or Google Hosted Libraries. Host critical resources on your own domain when possible. Always use Subresource Integrity (SRI) hashes.
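The checks above can be run against a page's HTML before deployment. The following is an added example, not part of the original entry or of any scanner's own code: it flags scripts and stylesheets served from hosts outside an allowlist or without an SRI hash, and computes the integrity value for a resource body. The allowlist hostnames, the names sri_hash, ResourceAudit and audit, and the sample page are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed hostnames for the CDNs this page names; adjust to your own policy.
TRUSTED_HOSTS = {"cdn.jsdelivr.net", "cdnjs.cloudflare.com", "ajax.googleapis.com"}
SRI_PREFIXES = ("sha256-", "sha384-", "sha512-")

def sri_hash(content: bytes) -> str:
    """Build an integrity attribute value (sha384, base64) for a resource body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()

class ResourceAudit(HTMLParser):
    """Record external scripts/stylesheets on untrusted hosts or without SRI."""
    def __init__(self, own_host: str):
        super().__init__()
        self.own_host = own_host
        self.findings = []  # list of (url, problem) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return
        host = urlparse(url or "").hostname
        if host is None or host == self.own_host:
            return  # inline, relative or same-host: served from your own domain
        if host not in TRUSTED_HOSTS:
            self.findings.append((url, "untrusted-host"))
        if not (a.get("integrity") or "").startswith(SRI_PREFIXES):
            self.findings.append((url, "missing-sri"))

def audit(html: str, own_host: str) -> list:
    parser = ResourceAudit(own_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; the URLs and the stylesheet body are made up.
CSS_BODY = b"body { margin: 0 }"
SAMPLE = f"""
<script src="/static/app.js"></script>
<script src="https://cdn.jsdelivr.net/npm/lib@1.0.0/lib.min.js"></script>
<script src="//static.cdn-example.invalid/widget.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/x.min.css" integrity="{sri_hash(CSS_BODY)}" crossorigin="anonymous">
"""
```

Calling audit(SAMPLE, "www.example.test") reports the jsDelivr script as missing SRI and the protocol-relative widget script as both untrusted and missing SRI; the self-hosted script and the hashed stylesheet pass.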
Quick Reference
Severity
Medium Risk
ID
untrusted_cdn_resources
AI Assistant Prompt
Copy this prompt to ask an AI for help fixing this vulnerability:
Please fix the "Untrusted CDN Resources" security vulnerability in this web application. The issue is: Your website loads JavaScript or CSS from untrusted or potentially malicious CDNs. Make a plan and implement based on my project.