HTML-Tools

Kostenlose SRI Hash Generator

Erstelle Subresource-Integrity-Hashes für Skript- und Stylesheet-Dateien mit SHA-256, SHA-384 oder SHA-512.

Tool wird geladen...

Was ist SRI Hash Generator?

Subresource Integrity (SRI) is a browser security feature that verifies the content of external scripts and stylesheets. You add an integrity attribute to your script or link tag containing a cryptographic hash of the file. Before executing the file, the browser computes its hash and compares it to the integrity value. If the hashes do not match — because the file was modified, compromised, or corrupted — the browser blocks the resource.

Kurze Antwort

Use Subresource Integrity (SRI) to protect your site from compromised CDN files. Generate a cryptographic hash of the file content, add the integrity attribute to your script or link tag, and include crossorigin='anonymous'. The browser blocks the resource if its actual hash does not match.

Einschränkungen

SRI only verifies the file content at load time. It does not protect against vulnerabilities within the loaded library itself (like XSS in an outdated jQuery version). Always keep libraries updated.
The hash must be regenerated every time the remote file changes. If you forget to update the integrity attribute after a library update, the resource is blocked and the page may break.
SRI does not work with resources that require credentials (cookies, HTTP auth) from a different origin. For credentialed cross-origin requests, use crossorigin='use-credentials' instead of 'anonymous'.

So nutzt du dieses Tool

Provide the file content by pasting the code directly, uploading the file, or both (pasted content takes priority).
Select the hash algorithm — SHA-256 is the standard; SHA-384 and SHA-512 are also valid.
Copy the generated integrity attribute and the complete script or link tag into your HTML.

Wofür du es nutzen kannst

Add integrity checks to CDN-hosted scripts like jQuery, Bootstrap, or any third-party library.
Verify that a downloaded library file matches the expected hash before deploying to production.
Generate integrity attributes for self-hosted assets when using a CDN and subdomain for caching.

Anwendungsfalle

Praxisbeispiele

Beispiel

Secure a CDN script tag

A site loads a utility library from a CDN. Generate the SRI hash from the exact file content, add the integrity attribute to the script tag, and include crossorigin='anonymous'. If the CDN file is ever tampered with, the browser refuses to execute it.

Beispiel

Verify a downloaded library

A developer downloads a minified CSS framework and wants to confirm it has not been modified. Upload the file to generate its SHA-384 hash, then compare it with the hash published on the framework's official site.

Haufige Fehler

Generating a hash from a development version of a file and using it on a different production version — the hashes will not match.
Forgetting the crossorigin='anonymous' attribute on the script or link tag, which prevents the browser from computing the hash for cross-origin resources.
Never updating the integrity hash after a CDN library upgrade — old hashes block the new file and break the page.

Überprüfung

Check the browser DevTools Network tab — a resource with a matching integrity hash loads normally; a mismatched resource is blocked in red with an SRI error.
Verify the generated hash by computing it independently: openssl dgst -sha256 -binary file.js | openssl base64 -A should match the generated integrity value.

FAQ

Fragen zu SRI Hash Generator

Do I need crossorigin='anonymous' for SRI to work?

Yes, if the resource is served from a different origin than your page. Without crossorigin='anonymous', the browser cannot compute the hash of a cross-origin resource and the integrity check is skipped. For same-origin resources, crossorigin is not required but is harmless to include.

What happens if the SRI hash does not match the file?

The browser refuses to execute the script or apply the stylesheet entirely. The resource is blocked and an error appears in the browser console. This protects your users from compromised CDN files, but it also means a legitimate file update without a corresponding hash update breaks your page.

Which hash algorithm should I use for SRI?

SHA-256 is the standard and most widely used. SHA-384 and SHA-512 are also valid and provide stronger collision resistance, but the larger hash values add more bytes to your HTML. For web use, SHA-256 is sufficient — the security comes from the integrity check itself, not the hash length.

Can I use SRI with dynamically loaded scripts?

SRI only works with static script and link tags in the HTML. For dynamically loaded scripts (via import() or appendChild), you can set the integrity property on the script element before appending it. Module scripts loaded with import() do not support SRI directly — use import maps with integrity instead.

Verwandte Tools

Weitere html-tools

Html

ARIA Live Region Generator

Erstelle barrierefreie ARIA-Live-Regionen für Screenreader-Ankündigungen.

Tool öffnen

Html

CSP Hash Generator

Erstelle CSP-Hash-Werte für Inline-Skripte und -Styles. Hashe exakten Code mit SHA-256, SHA-384 oder SHA-512.

Tool öffnen

Html

Customizable Select Generator

Generate CSS for customizable select elements using appearance: base-select, picker icons, checkmarks, and open/closed state styling.

Tool öffnen

Auch ausprobieren

Seo

AI-Crawler robots.txt Builder

Erstelle robots.txt-Regeln für KI-Crawler mit offenen, selektiven oder strikten Vorlagen.

Tool öffnen

Seo

Hreflang Sitemap Builder

Erstelle XML-Sitemap-Einträge mit hreflang-Alternates für mehrsprachige Seiten.

Tool öffnen

Seo

Hreflang-Tag-Generator

Erzeuge saubere hreflang-Tags für mehrsprachige statische Websites.

Tool öffnen