Medium Severity

Missing Subresource Integrity (SRI)

SRI ensures that files you load from CDNs (like jQuery or Bootstrap) haven't been tampered with.

Business Risk

Supply Chain Attack: If you load `https://cdn.example.com/lib.js` and that CDN gets hacked, attackers can replace `lib.js` with malware. Your site will unwittingly execute this malware for every visitor. SRI prevents this by verifying the file's hash before execution.

Technical Details

The `integrity` attribute contains a base64-encoded cryptographic hash. If the downloaded file doesn't match the hash, the browser blocks it. This is mandatory for high-security applications.

Remediation Guide

```html
<script
  src="https://code.jquery.com/jquery-3.6.0.min.js"
  integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK"
  crossorigin="anonymous">
</script>
```
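
The check and the fix described above, as an added example that is not from the original page: `find_missing_sri` lists cross-origin scripts and stylesheets that carry no `integrity` value, and `sri_hash` computes the value to put there. The function and class names, the sample markup and the `www.example.org` page URL are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def sri_hash(data, alg="sha384"):
    """Return the integrity="..." value for these exact bytes."""
    digest = hashlib.new(alg, data).digest()
    return alg + "-" + base64.b64encode(digest).decode()

class SRIAudit(HTMLParser):
    """Collect cross-origin scripts and stylesheets that carry no integrity value."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.missing = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            ref = a.get("src")  # None for inline scripts
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            ref = a.get("href")
        else:
            ref = None
        if not ref or (a.get("integrity") or "").strip():
            return  # nothing fetched, or already pinned to a hash
        url = urljoin(self.page_url, ref)
        if urlsplit(url)[:2] != urlsplit(self.page_url)[:2]:  # (scheme, host) differs
            self.missing.append(url)

def find_missing_sri(html, page_url):
    audit = SRIAudit(page_url)
    audit.feed(html)
    audit.close()
    return audit.missing

# Constructed sample page; the first tag is the one from the remediation guide.
SAMPLE = """
<script src="https://code.jquery.com/jquery-3.6.0.min.js"
  integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK"
  crossorigin="anonymous"></script>
<script src="https://cdn.example.com/lib.js"></script>
<link rel="stylesheet" href="//cdn.example.com/theme.css">
<script src="/static/app.js"></script>
"""

if __name__ == "__main__":
    print(find_missing_sri(SAMPLE, "https://www.example.org/"))
    print(sri_hash(b"console.log('constructed sample');"))
```

Compute the hash over the exact bytes of the pinned file version, from a copy you have reviewed; any later change to the file, including re-minification, changes the hash and the browser will block it.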
