Web Front-end
HTML Tutorial
What are the integrity and crossorigin html attributes used for when loading scripts or styles from a CDN?
What are the integrity and crossorigin html attributes used for when loading scripts or styles from a CDN?
Jul 01, 2025 am 01:39 AM
The integrity attribute ensures a resource hasn’t been modified by using a cryptographic hash, while crossorigin handles cross-origin requests to enable proper validation. 1. Integrity checks the file’s authenticity via SHA-256, SHA-384, or SHA-512 hashes, blocking malicious or corrupted code if the hash doesn’t match. 2. Crossorigin enables CORS compatibility, typically set to anonymous for CDN scripts and styles. 3. Use both together when loading critical third-party assets to ensure security and reliability, updating hashes when versions change. 4. Gotchas include manual hash maintenance and testing after updates, though automation tools can help.
When you're loading scripts or styles from a CDN, using the integrity and crossorigin attributes helps improve security and reliability. These two attributes work together to ensure that the resource being loaded hasn’t been tampered with and that it’s fetched correctly across domains.
What is the integrity attribute for?
The integrity attribute is used to verify that the resource (like a JavaScript file or CSS stylesheet) delivered by the CDN hasn’t been modified. It uses a cryptographic hash of the file content to make sure what you’re loading matches exactly what you expect.
If the hash doesn't match — say, because someone tampered with the CDN or there was a network error — the browser won’t load the resource. This protects your site from loading malicious or corrupted code.
- Example usage:
<script src="https://cdn.example.net/example.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6 RrvGQRnNpKjzIVQwvLg==" crossorigin="anonymous"></script>
To use this, you need to generate a hash of the file in the correct format (usually SHA-256, SHA-384, or SHA-512). Tools like openssl or online SRI (Subresource Integrity) generators can help with that.
Why do you need the crossorigin attribute?
CDNs are often hosted on different domains, and browsers enforce CORS (Cross-Origin Resource Sharing) policies when fetching resources from them. The crossorigin attribute tells the browser how to handle these cross-origin requests.
Even if you're not making API calls, scripts and stylesheets pulled from a CDN are still subject to CORS rules. Without setting crossorigin, some browsers may not allow the browser to verify the integrity hash properly.
Common values:
-
crossorigin="anonymous"— sends a request without credentials (cookies, etc.), which is usually what you want. -
crossorigin="use-credentials"— includes cookies and other auth info, but rarely needed for public CDNs.
Just remember: if you include an integrity attribute, always add crossorigin="anonymous" unless you have a specific reason not to.
When should you use both together?
You should use integrity and crossorigin together whenever you’re loading critical assets from third-party CDNs — especially for libraries like jQuery, Bootstrap, or React.
This combination gives you:
- Security via content verification (
integrity) - Compatibility with CORS policies (
crossorigin)
It’s especially useful for open-source projects or high-traffic sites where CDN trust is important. However, it’s worth noting that if the CDN changes the file even slightly (e.g., a new version), your hash will stop matching, and the resource won’t load. So keep your hashes updated when versions change.
A few gotchas and tips
- Generating and maintaining hashes manually can be tedious. Some build tools automate this process.
- Always test that your page still works after adding these attributes — especially after updating dependencies.
- If you host the files yourself (not using a CDN), you don’t strictly need these attributes, though they can still provide benefits.
That’s basically it — integrity checks the file's authenticity, and crossorigin makes sure the browser can fetch and validate it properly. Not super complex, but easy to overlook or misconfigure.
The above is the detailed content of What are the integrity and crossorigin html attributes used for when loading scripts or styles from a CDN?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Applying Semantic Structure with article, section, and aside in HTML
Jul 05, 2025 am 02:03 AM
The rational use of semantic tags in HTML can improve page structure clarity, accessibility and SEO effects. 1. Used for independent content blocks, such as blog posts or comments, it must be self-contained; 2. Used for classification related content, usually including titles, and is suitable for different modules of the page; 3. Used for auxiliary information related to the main content but not core, such as sidebar recommendations or author profiles. In actual development, labels should be combined and other, avoid excessive nesting, keep the structure simple, and verify the rationality of the structure through developer tools.
What is the loading='lazy' one of the html attributes and how does it improve page performance?
Jul 01, 2025 am 01:33 AM
loading="lazy" is an HTML attribute for and which enables the browser's native lazy loading function to improve page performance. 1. It delays loading non-first-screen resources, reduces initial loading time, saves bandwidth and server requests; 2. It is suitable for large amounts of pictures or embedded content in long pages; 3. It is not suitable for first-screen images, small icons, or lazy loading using JavaScript; 4. It is necessary to cooperate with optimization measures such as setting sizes and compressing files to avoid layout offsets and ensure compatibility. When using it, you should test the scrolling experience and weigh the user experience.
What are best practices for writing valid and well-formed HTML code?
Jul 01, 2025 am 01:32 AM
When writing legal and neat HTML, you need to pay attention to clear structure, correct semantics and standardized format. 1. Use the correct document type declaration to ensure that the browser parses according to the HTML5 standard; 2. Keep the tag closed and reasonably nested to avoid forgetting closed or wrong nesting elements; 3. Use semantic tags such as, etc. to improve accessibility and SEO; 4. The attribute value is always wrapped in quotes, and single or double quotes are used uniformly. Boolean attributes only need to exist, and the class name should be meaningful and avoid redundant attributes.
What are the essential HTML elements for structuring a webpage?
Jul 03, 2025 am 02:34 AM
The web page structure needs to be supported by core HTML elements. 1. The overall structure of the page is composed of , , which is the root element, which stores meta information and displays the content; 2. The content organization relies on title (-), paragraph () and block tags (such as ,) to improve organizational structure and SEO; 3. Navigation is implemented through and implemented, commonly used organizations are linked and supplemented with aria-current attribute to enhance accessibility; 4. Form interaction involves , , and , to ensure the complete user input and submission functions. Proper use of these elements can improve page clarity, maintenance and search engine optimization.
How to use the style html attributes for inline CSS?
Jul 01, 2025 am 01:42 AM
It is actually very simple to write inline styles using HTML's style attribute. Just add style="..." to the tag and then write CSS rules in it. 1. The basic writing method is CSS style with the attribute value in the form of a string. Each style is separated by a semicolon. The format is the attribute name: attribute value. For example: this paragraph of text is red. Note that the entire style string should be wrapped in double quotes. Each CSS attribute should be added with a semicolon after it. The attribute name is standard writing method of CSS; 2. Applicable scenarios for inline styles include dynamic style control, email template development and rapid debugging, such as allowing the picture to be displayed in the center to be written; 3. Several pitfalls that need to be avoided include high priority but difficult to maintain, many code repetitions, and special characters.
How can JavaScript be used to create and manipulate HTML tags?
Jul 01, 2025 am 01:42 AM
JavaScript dynamically creates, modifys, moves and deletes HTML elements through DOM operations. 1. Use document.createElement() to create a new element and add it to the page through appendChild() or insertBefore(); 2. Select existing elements through querySelector() or getElementById(), and modify them using textContent, innerHTML, setAttribute() and other methods; 3. When processing multiple elements through loops, you need to note that querySelectorAll() returns NodeList; 4. Move
Which html attributes are most important for SEO?
Jul 01, 2025 am 01:44 AM
ThefourmostimpactfulHTMLattributesforSEOarethetitletag,altattribute,hrefattribute,andmetadescription.1.Thetitletaginthesectioniscrucialasitinformsusersandsearchenginesaboutthepage’scontent,mustbeconcise,keyword-relevant,under60characters,anduniqueper
Implementing client-side form validation using HTML attributes.
Jul 03, 2025 am 02:31 AM
Client-sideformvalidationcanbedonewithoutJavaScriptbyusingHTMLattributes.1)Userequiredtoenforcemandatoryfields.2)ValidateemailsandURLswithtypeattributeslikeemailorurl,orusepatternwithregexforcustomformats.3)Limitvaluesusingmin,max,minlength,andmaxlen
