Online Subresource Integrity (SRI) Hash Generator

Subresource Integrity (SRI) is a security feature that allows browsers to verify that external resources such as JavaScript or CSS files loaded from a CDN have not been modified or tampered with. By adding an integrity attribute to your <script> or <link> tags, the browser ensures the file content matches the expected cryptographic hash before executing or applying it.

This online SRI Hash Generator helps you quickly generate SHA-256, SHA-384, and SHA-512 integrity hashes for local files, CDN URLs, or pasted content no setup required.

Contents

  1. What Is an SRI Hash?
  2. Generate SRI Hashes
  3. Auto Generate SRI for Script Tags
  4. Script & Style Integrity Validator

H2: Supported Hash Algorithms

  • SHA-256 - Lightweight and commonly used
  • SHA-384 - Recommended by many CDNs
  • SHA-512 - Highest security level

Features of This SRI Hash Generator

  • Supports JavaScript and CSS files
  • Generate SHA-256, SHA-384, and SHA-512 hashes
  • Works with local files, URLs, and text input
  • One-click copy for integrity attribute
  • Browser-based processing (no uploads stored)
  • Fast and developer friendly

⚙️ Generate SRI Hashes

This tool allows you to generate Subresource Integrity (SRI) hashes using three different input methods. Using File, CDN URL, or Pasted Content. Upload a local JavaScript or CSS file, fetch a public CDN resource, or paste code directly. Select a hash algorithm (SHA-256, SHA-384, or SHA-512), and the tool instantly generates a browser ready integrity value fully in your browser with no data stored.

How to Use

  1. Upload a JavaScript or CSS file or CDN file URL or Paste raw file content
  2. Choose a hash algorithm (SHA-256, SHA-384, SHA-512)
  3. Generate the SRI hash instantly

From File

Upload a local JavaScript or CSS file to generate an SRI hash instantly in your browser. Files are processed locally and never uploaded.

Drag file here or click to browse (.js, .css)
Choose file
Note: Only JavaScript (.js) and CSS (.css) files are supported for SRI hash generation.

Select algorithm:

⚙️ Auto Generate SRI for Script Tags

Paste an HTML <script> tag and automatically generate the Subresource Integrity hash. The tool outputs a secure script tag with the correct integrity and crossorigin attributes, ready to use.

Auto-Generated SRI Integrity Tag:

HTML
<script src="https://code.jquery.com/jquery-4.0.0.js"
        integrity="sha384-APu9Wsqa2hd37oK6SeCskR3aUUS0j2fom8MtF+/xHm6R1g77uf7+Teedrq5d6Jeo"
        crossorigin="anonymous"></script>

✔️ Script & Style Integrity Validator

Paste any HTML <script> or <link> tag to verify its SRI hash against the actual source file. The tool extracts the URL and integrity value, downloads the file locally in your browser, and checks whether the hash matches. If the SRI hash does not match, the tool generates the correct hash and regenerates an updated tag.

Enter a single <script> or <link> tag containing an integrity attribute.

Integrity Matched
Resource URL
https://code.jquery.com/jquery-4.0.0.js
Algorithm
sha384
Current Hash (from Tag)
APu9Wsqa2hd37oK6SeCskR3aUUS0j2fom8MtF+/xHm6R1g77uf7+Teedrq5d6Jeo
Actual Hash (from file)
APu9Wsqa2hd37oK6SeCskR3aUUS0j2fom8MtF+/xHm6R1g77uf7+Teedrq5d6Jeo

🔐 What Is an SRI Hash?

A Subresource Integrity (SRI) hash is a cryptographic hash value that allows a web browser to verify that an external resource such as a JavaScript or CSS file loaded from a CDN has not been altered.

When a browser loads a file with an integrity attribute, it calculates the hash of the downloaded file and compares it with the provided SRI hash. If the values do not match, the browser blocks the resource from loading.

This mechanism protects websites from:

  • Compromised CDN files
  • Malicious code injection
  • Accidental file modifications

Understanding the integrity and crossorigin Attributes

When you use SRI, you'll add two important attributes to your <script> or <link> tags:

  • integrity: This attribute contains the cryptographic hash of the resource, prefixed by the hash algorithm used (e.g., sha-384-ADjU4obM7uGS0IMPG2fxxTV...). The browser uses this value to verify the fetched resource.
  • crossorigin: This attribute specifies how the element handles CORS (Cross-Origin Resource Sharing). For SRI to work correctly, the browser needs to perform an anonymous cross-origin fetch, which requires setting crossorigin="anonymous".

Example for a JavaScript file:

HTML
<script
  src="https://cdn.example.com/app.min.js"
  integrity="sha384-BASE64_HASH"
  crossorigin="anonymous">
</script>

Example for a CSS file:

HTML
<link rel="stylesheet"
	  href="https://example.com/style.css"
      integrity="sha-384-hkIYINzEYpSdsJb6QSma..."
      crossorigin="anonymous">

Why Use Subresource Integrity?

  1. Prevents loading of modified or compromised files
  2. Protects against supply-chain attacks
  3. Ensures trusted CDN content
  4. Improves overall website security
  5. Recommended for production websites

When Should You Update the SRI Hash?

You must regenerate the SRI hash whenever:

  • The CDN file version changes
  • The file content is updated
  • You switch to a different CDN provider

If the file content changes even by one character the hash verification fails and the browser refuses to execute the file.

Frequently Asked Questions (FAQ)

What is Subresource Integrity (SRI)?

SRI is a browser security feature that allows websites to verify that externally loaded resources such as JavaScript or CSS files have not been modified.

Which hash algorithm should I use for SRI?

SHA-384 is commonly recommended and supported by most CDNs, offering a good balance between security and performance.

Why does my SRI integrity check fail?

An integrity check fails when the file content changes or the hash does not match exactly. Even a small change in the file will cause the browser to block the resource.

Can I generate SRI hashes directly in the browser?

Yes. Modern browsers support the Web Crypto API, allowing SRI hashes to be generated securely without uploading files to a server.