P2 · MediumSecurity

Scripts missing SRI

External scripts without integrity hash

Code: external_script_missing_sri

Why it matters

External scripts without integrity hash. Browsers and users expect sites to be secure. Missing protections expose visitors to data theft, phishing, and loss of trust.

How to fix

Add Subresource Integrity to external scripts

html

<!-- Generate the hash with: -->
<!-- openssl dgst -sha384 -binary script.js | openssl base64 -A -->

<script
  src="https://cdn.example.com/lib.js"
  integrity="sha384-HASH_HERE"
  crossorigin="anonymous"
></script>

Related checks in Security

SSL certificate expired

HTTPS certificate has expired

Certificate expiring soon

Certificate expires in < 7 days

Certificate expiring

Certificate expires in < 30 days

No HTTPS redirect

HTTP does not redirect to HTTPS

Mixed content

HTTPS page loads HTTP resources

Run a free scan to check your site

Get a complete audit in under 2 minutes. No account required.

Start Free Scan