Script Integrity Attribute should be added to loaded scripts

JavaScript files loaded from another domain should be verified using the integrity attribute.


If the contents loaded from another domain is not verified the browser will execute the contents without verifying with a correct hash.

  • Farid Bonawiede
  • Jun 8 2021
  • Reviewed
  • Christian MOLINARI commented
    26 Sep, 2023 04:27pm

    I don't know if this task was not completed because of the low number of votes, but it would be nice if it were taken into consideration.

    My customers ask me for regular security reports, my webflow site passes them at 99% it only needs this fix to pass at 100%.

    De mon coté cela concerne tous les fichiers js suivant :

    <script src="https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js" type="text/javascript"></script>
    <script src="https://uploads-ssl.webflow.com/604637265ff6af53a0a489ea/js/webflow.b1dac7f20.js" type="text/javascript"></script>

    Although the second must change with each deployment, I assume.