Script Integrity Attribute should be added to loaded scripts

JavaScript files loaded from another domain should be verified using the integrity attribute.


If the contents loaded from another domain is not verified the browser will execute the contents without verifying with a correct hash.

  • Farid Bonawiede
  • Jun 8 2021
  • Reviewed
  • Ross Newton commented
    24 Apr 15:27

    JavaScript files and CSS from Webflow should be verified with the integrity attribute as well. As like someone else said, Webflow websites will fail security reports due to a lack of integrity on the downloaded assets from Webflow (e.g. JS, CSS, etc.)

  • Christian MOLINARI commented
    September 26, 2023 16:27

    I don't know if this task was not completed because of the low number of votes, but it would be nice if it were taken into consideration.

    My customers ask me for regular security reports, my webflow site passes them at 99% it only needs this fix to pass at 100%.

    De mon coté cela concerne tous les fichiers js suivant :

    <script src="https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js" type="text/javascript"></script>
    <script src="https://uploads-ssl.webflow.com/604637265ff6af53a0a489ea/js/webflow.b1dac7f20.js" type="text/javascript"></script>

    Although the second must change with each deployment, I assume.