SRI Hash Generator

Generate Subresource Integrity (SRI) hashes and ready-to-use script/link tags for CDN assets. Secure your external resources client-side.

Browser-BasedResponsive UIPrivacy-First
Privacy: Hashing runs in your browser using the Web Crypto API. CDN URLs and file contents are never sent to a server.
Quick Examples

Asset Input

Fetches file via browser to compute integrity checksum. Requires CDN CORS support.

Paste raw file contents for offline hashing. No network request is made.

Generated Integrity Hashes

Hash Only
Generate hashes to see output...
Full HTML Tag
<!-- Generate hashes to see output... -->

CORS Notes

If the CDN URL fails to fetch, it is almost always a CORS issue. The CDN must include Access-Control-Allow-Origin headers.

Common CORS-friendly CDNs: jsDelivr, cdnjs, unpkg, cdn.skypack.

For CDNs without CORS, use the Raw Content tab to paste the file contents directly.

How it works

How Subresource Integrity Works

Use this free SRI hash generator to create Subresource Integrity checksums for CDN-hosted scripts and stylesheets. The tool computes SHA-256, SHA-384 (recommended), and SHA-512 hashes from a CDN URL or pasted file content, then outputs complete HTML tags with integrity and crossorigin attributes ready to paste into your project.

Subresource Integrity protects your users by ensuring that external resources loaded from a CDN have not been tampered with. If an attacker modifies the file on the CDN, the browser will refuse to execute or apply it because the hash will not match. This is a critical security layer for any site that loads third-party scripts or styles.

This generator supports two input modes: fetch a CDN URL directly through the browser (requires CORS support on the CDN), or paste raw file contents for offline hashing. The URL mode detects whether the asset is a script or stylesheet and generates the appropriate HTML tag. The content mode is useful when CORS blocks direct fetching or when you want to hash a local file.

Everything runs in your browser. CDN URLs and file contents are hashed using the Web Crypto API and are never transmitted to a server. The generated tags and hashes are ready for immediate use in your HTML, build tools, or deployment scripts.