SRI is a new W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.
It’s possible to generate a hash like this
openssl dgst -sha384 -binary FILENAME.js | openssl base64 -A
but when Cloudflare updates the scripts the script fails to load. Is it possible to stay with one version of the script so it can be embedded securely? Or can it be hosted locally?