SRI Hash Generator

Subresource Integrity (SRI) is a browser security feature that lets you verify that resources fetched from third-party CDNs (scripts, stylesheets) have not been tampered with. You include a cryptographic hash in the integrity attribute of a <script> or <link> tag; if the fetched file does not match the hash, the browser refuses to execute it.

When a browser fetches a resource that has an integrity attribute, it computes a hash of the downloaded file and compares it against the value(s) in the integrity attribute. If the hash matches, the resource is executed or applied. If it does not match — because the file was modified or the CDN was compromised — the browser blocks the resource and logs a console error.

<script> and <link rel="stylesheet"> elements support SRI. Other resource types (images, fonts, iframes) do not currently use the integrity attribute. SRI is most useful for files served from third-party CDNs where you do not control the server.

Yes. For cross-origin resources, the server must send a CORS header (Access-Control-Allow-Origin: *) and you must include crossorigin="anonymous" on the tag. Without this, the browser cannot read the response body to check the hash. Same-origin resources do not require the crossorigin attribute.

SRI is supported in all modern browsers: Chrome 45+, Firefox 43+, Safari 11.1+, Edge 17+, and Opera 32+. Internet Explorer does not support SRI. For unsupported browsers the integrity attribute is silently ignored, so adding SRI is safe and backward-compatible.