Loading tool...
Visual Content Security Policy builder. Create CSP headers to protect against XSS and code injection attacks
Generate ultra-secure passwords with presets (Simple to Paranoid), strength analysis, entropy calculation, crack time estimation, password history, and bulk generation
Generate Certificate Signing Requests (CSR) for SSL/TLS certificates with RSA key pairs. Submit to CAs for certificate issuance
Generate Subresource Integrity (SRI) hashes for JavaScript and CSS files fetched from content delivery networks (CDNs). SRI is a critical security feature that allows browsers to verify that resources from CDNs have not been tampered with, compromised, or modified. Using CDNs improves performance but introduces risk if the CDN is compromised or if network-level attacks occur. This tool generates cryptographic hashes in SHA-256, SHA-384, and SHA-512 algorithms that browsers verify before executing scripts or applying styles, protecting your users from supply chain attacks. The tool accepts file uploads, direct code pasting, or URLs (when CORS permits), generating ready-to-use integrity attributes and complete script/link tags for immediate deployment. Essential for security-conscious developers using third-party resources.
Generate SRI hashes for JavaScript libraries loaded from CDNs, protecting users from compromised CDN infrastructure or network-level attacks.
Detect and prevent execution of tampered scripts through SRI verification, adding a layer of security against compromised dependencies.
Verify that CSS files fetched from CDNs match their intended content, preventing injection of malicious styles or defacement.
Implement SRI to satisfy security standards and compliance requirements such as CSP policies and security best practices.
Use SRI hash mismatches to detect and alert on unauthorized modifications to resources, identifying potential security breaches.
Implement comprehensive SRI across all third-party resources to reduce supply chain risk exposure in modern web applications.
Subresource Integrity (SRI) is a W3C security specification that addresses one of the most significant trust problems in modern web architecture: the reliance on third-party hosted resources. When a website loads JavaScript or CSS from a content delivery network, it implicitly trusts that the CDN will serve the correct, unmodified file every time. SRI eliminates this blind trust by embedding a cryptographic hash of the expected file content directly in the HTML tag that loads the resource. The browser then independently computes the hash of the downloaded file and compares it against the expected value before execution.
The cryptographic foundation of SRI relies on hash functions from the SHA-2 family, specifically SHA-256, SHA-384, and SHA-512. These are one-way functions that produce a fixed-length digest from any input, with the critical property that even a single bit change in the input produces a completely different hash. SHA-384 is the recommended algorithm for SRI because it offers strong collision resistance while remaining computationally efficient. The hash is Base64-encoded and prefixed with the algorithm name (e.g., sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC) to form the integrity attribute value.
SRI directly mitigates supply chain attacks, which have become one of the most dangerous vectors in web security. In a supply chain attack, an adversary compromises the CDN infrastructure, a package maintainer account, or the build pipeline to inject malicious code into widely-used libraries. Notable incidents include the event-stream npm package compromise and the British Airways Magecart attack, where injected scripts harvested credit card data from thousands of users. With SRI in place, any modification to the hosted file causes a hash mismatch, and the browser refuses to execute the resource entirely, blocking the attack.
The SRI mechanism works in conjunction with Cross-Origin Resource Sharing (CORS). For the browser to compute the hash of a cross-origin resource, the server must include the Access-Control-Allow-Origin header, and the loading tag must include the crossorigin="anonymous" attribute. Without CORS, the browser cannot read the resource content for verification. This requirement means SRI adoption depends on CDN providers properly configuring CORS headers, which all major CDNs now support. The integrity attribute can include multiple hashes with different algorithms, allowing graceful migration between hash algorithms as security requirements evolve.
SHA-384 is recommended as the best balance of security and browser support. SHA-256 also works well for most uses.
SRI requires CORS to access the file contents for verification. Without crossorigin, the browser cannot check the hash.
The browser will refuse to load the resource, protecting your users from potentially malicious code.
All processing happens directly in your browser. Your files never leave your device and are never uploaded to any server.