Missing Subresource Integrity
info Web Application Scanning Plugin ID 98647
Synopsis
Missing Subresource IntegrityDescription
Subresource Integrity (SRI) is a web security standard that enables browsers to verify that resources hosted by third parties (CDN for example) are delivered without unexpected manipulation.SRI works by comparing a cryptographic hash declared in the integrity attribute of the resource tag (like script or link) used to fetch the resource and the calculated hash value of this resource.
No SRI have been detected for one or more resources.
Solution
Add a integrity attribute to the resource tag with prefixed and base64 encoded hash of the resource.See Also
https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet#Subresource_Integrity
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
Plugin Details
Severity: Info
ID: 98647
Type: remote
Family: Web Applications
Published: 8/1/2019
Updated: 9/2/2021
Scan Template: scan, pci, overview
Vulnerability Information
Patch Publication Date: 8/1/2019
Vulnerability Publication Date: 8/1/2019