AES Encryption Explained: How It Works and Why It Matters
Jun 23, 2026
Generate Subresource Integrity hashes so browsers can verify that CDN resources haven't been tampered with.
Note: Some URLs may be blocked by CORS policies.
Enter content or a URL, select an algorithm, and click Generate to compute the SRI hash.
Subresource Integrity (SRI) is a security feature that allows browsers to verify that resources they fetch (from CDNs or other origins) have not been manipulated. It works by comparing a cryptographic hash of the fetched file against the expected hash specified in the integrity attribute of a <script> or <link> tag.
When you include an SRI hash, the browser will:
integrity value you specifiedIf a CDN is compromised and the file is altered, the hash won't match and the browser blocks the resource, protecting your users from malicious code.
integrity value in your <script> or <link> tags.<script src="https://cdn.example.com/lib.js" integrity="sha384-..." crossorigin="anonymous"></script>| Algorithm | Hash Size | Base64 Length | Recommendation |
|---|---|---|---|
| SHA-256 | 32 bytes | 44 chars | Good for small inline scripts |
| SHA-384 | 48 bytes | 64 chars | Recommended — Best balance |
| SHA-512 | 64 bytes | 88 chars | Maximum security, larger hash |
integrity attribute look like?The format is: integrity="sha384-BASE64HASH". The prefix indicates the algorithm (sha256, sha384, sha512), followed by a dash and the Base64-encoded hash.
crossorigin attribute?Yes. When using SRI with resources from external origins (different domain), the resource must be served with a Access-Control-Allow-Origin CORS header. Add crossorigin="anonymous" or crossorigin="use-credentials" to your tag. Without this, browsers will block the resource even if the integrity check passes.
SRI is supported in all modern browsers: Chrome 45+, Firefox 43+, Safari 13+, Edge 17+, and Opera 32+. If a browser doesn't support SRI, it simply ignores the integrity attribute and loads the resource normally.
Yes. Use <link rel="stylesheet" href="..." integrity="sha384-..." crossorigin="anonymous"> to verify CSS files loaded from CDNs.
No. All hash computation happens entirely in your browser using the Web Crypto API. Your content never leaves your device.
Generate MD5 hashes
Generate SHA-256 hashes
Compute file checksums
Generate HMAC signatures
Generate Content Security Policy
Test password strength
Identify hash algorithm
Generate OpenSSL commands
Blog
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026