SRI Hash Generator

Generate Subresource Integrity hashes so browsers can verify that CDN resources haven't been tampered with.

  1. Home
  2. Hash & Security
  3. SRI Hash Generator

Result

Enter content or a URL, select an algorithm, and click Generate to compute the SRI hash.

What Is Subresource Integrity (SRI)?

Subresource Integrity (SRI) is a security feature that allows browsers to verify that resources they fetch (from CDNs or other origins) have not been manipulated. It works by comparing a cryptographic hash of the fetched file against the expected hash specified in the integrity attribute of a <script> or <link> tag.

When you include an SRI hash, the browser will:

  • Download the resource from the CDN
  • Compute the hash of the downloaded content
  • Compare it to the integrity value you specified
  • Only execute the resource if the hashes match

If a CDN is compromised and the file is altered, the hash won't match and the browser blocks the resource, protecting your users from malicious code.

How to Use This SRI Hash Generator

  1. Choose input mode — Either paste the resource content directly, or provide a URL to fetch. The URL method is convenient but may be blocked by CORS policies on some servers.
  2. Select hash algorithm — Choose SHA-256, SHA-384, or SHA-512. SHA-384 is the most commonly used for SRI because it offers a good balance of security and performance. SHA-512 is the most secure but produces longer hashes.
  3. Click Generate — The tool computes the hash entirely in your browser. No data is sent to any server.
  4. Copy the integrity attribute — Use the generated integrity value in your <script> or <link> tags.
  5. Add to your HTML — Place the full tag into your HTML. For example: <script src="https://cdn.example.com/lib.js" integrity="sha384-..." crossorigin="anonymous"></script>

Which Algorithm Should You Use?

Algorithm Hash Size Base64 Length Recommendation
SHA-25632 bytes44 charsGood for small inline scripts
SHA-38448 bytes64 charsRecommended — Best balance
SHA-51264 bytes88 charsMaximum security, larger hash

Frequently Asked Questions

What does the integrity attribute look like?

The format is: integrity="sha384-BASE64HASH". The prefix indicates the algorithm (sha256, sha384, sha512), followed by a dash and the Base64-encoded hash.

Do I need the crossorigin attribute?

Yes. When using SRI with resources from external origins (different domain), the resource must be served with a Access-Control-Allow-Origin CORS header. Add crossorigin="anonymous" or crossorigin="use-credentials" to your tag. Without this, browsers will block the resource even if the integrity check passes.

Is SRI supported in all browsers?

SRI is supported in all modern browsers: Chrome 45+, Firefox 43+, Safari 13+, Edge 17+, and Opera 32+. If a browser doesn't support SRI, it simply ignores the integrity attribute and loads the resource normally.

Can I use SRI with CSS files?

Yes. Use <link rel="stylesheet" href="..." integrity="sha384-..." crossorigin="anonymous"> to verify CSS files loaded from CDNs.

Is my content sent to a server?

No. All hash computation happens entirely in your browser using the Web Crypto API. Your content never leaves your device.