Browser-only tool
SRI hash calculator
Paste asset content to generate `integrity` attributes for `<script>` or `<link>` tags. Useful for static integrity hardening workflows.
Warning: SRI verifies bytes only. It does not prove script trustworthiness and fails whenever file bytes change.
Privacy And Limitations
Content is hashed locally in your browser and is not uploaded.
- SRI validates bytes, not trust in script behavior.
- SRI breaks when asset bytes change, including minification or CDN rewrites.
- You still need CSP, trusted sources, and deployment controls.
FAQ
What is SRI used for?
SRI lets browsers verify that fetched assets match expected hashes before executing them.
Which algorithm should I pick?
SHA-384 is a common default for SRI, while SHA-512 offers a longer hash.
Why does SRI fail after deploy?
Any byte change invalidates the hash, including build changes, CDN transforms, or file updates.
Does SRI replace CSP?
No. SRI and CSP are complementary controls.
Is hashing done locally?
Yes. The page computes hashes in the browser.