Use SRI (Subresource Integrity) with web analytics beacon

Background:

SRI is a new W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.

It’s possible to generate a hash like this

openssl dgst -sha384 -binary FILENAME.js | openssl base64 -A

but when Cloudflare updates the scripts the script fails to load. Is it possible to stay with one version of the script so it can be embedded securely? Or can it be hosted locally?

This topic was automatically closed after 30 days. New replies are no longer allowed.