Language
English English Vietnamese (Tiếng Việt) Vietnamese (Tiếng Việt) Chinese (简体中文) Chinese (简体中文) Portuguese (Brazil) (Português do Brasil) Portuguese (Brazil) (Português do Brasil) Spanish (Español) Spanish (Español) Indonesian (Bahasa Indonesia) Indonesian (Bahasa Indonesia)
SRI Hash Generator

SRI Hash Generator

Generate Subresource Integrity hashes to verify that scripts and stylesheets loaded from a CDN haven't been tampered with.

SRI Hash Generator for Subresource Integrity

This SRI hash generator creates the integrity hash your browser uses to verify that a script or stylesheet loaded from a CDN has not been tampered with. Paste the file content, pick an algorithm, and copy a ready-to-paste <script> or <link> tag.

It is built for front-end and web developers who pull libraries from third-party CDNs and want a Subresource Integrity (SRI) safeguard. Adding an integrity attribute means the browser blocks the resource if its hash does not match — closing off one common supply-chain attack.

Private by design: every hash is computed in your browser with the Web Crypto API. Your file content is never uploaded to any server.

How to Generate an SRI Hash

1

Paste the file content

Copy the full content of the JavaScript or CSS file you want to protect into the Content box. The hash is generated automatically as you type or paste.

2

Choose an algorithm

Pick SHA-256, SHA-384, or SHA-512. SHA-384 is selected by default and is the recommended choice for SRI.

3

Set the tag type and URL

Choose script or link as the Tag Type. Add an optional Resource URL — a .js or .css link auto-detects the matching tag type for you.

4

Copy the output

Copy the Integrity Hash on its own, or the complete HTML tag with the integrity and crossorigin attributes already in place, then paste it into your page.

Features

Multiple Hash Algorithms

Generate SRI hashes with SHA-256, SHA-384, or SHA-512. SHA-384 is the default and the algorithm recommended by the W3C SRI specification.

Auto-Detect Tag Type

Enter a resource URL and the tool picks script for a .js file or link for a .css file — or switch the tag type manually anytime.

Ready-to-Use HTML Tag

Get a complete tag with the integrity and crossorigin="anonymous" attributes already included, so you can paste it straight into your HTML.

Optional Resource URL

Add the CDN URL of the resource and it is dropped into the generated tag's src or href so the output is ready to use as-is.

One-Click Copy

Copy the integrity hash value or the full HTML tag with a single click, with a quick on-screen confirmation each time.

Client-Side Processing

All hashing runs in your browser via the Web Crypto API. Your file content is never sent to a server, keeping it fully private.

Frequently Asked Questions

What is Subresource Integrity (SRI)?

SRI is a browser security feature that verifies files loaded from external sources, such as CDNs, have not been altered. You add an integrity attribute holding the file's expected hash to a <script> or <link> tag; the browser compares it against the downloaded file and blocks the resource if they do not match.

How do I generate an SRI hash?

Paste the exact content of the JavaScript or CSS file into the Content box. The tool hashes it instantly with your chosen algorithm and gives you both the raw integrity hash and a complete HTML tag to copy.

Which hash should I use: SHA-256, SHA-384, or SHA-512?

SHA-384 is recommended by the W3C and is the most widely used algorithm for SRI, giving a strong balance of security and performance. SHA-256 and SHA-512 are also supported by every modern browser, so use whichever your project requires.

Do I need the crossorigin attribute?

Yes. crossorigin="anonymous" is required for SRI to work with resources from a different origin, such as a CDN. Without it the browser cannot verify the integrity of a cross-origin resource — which is why the generated tag includes it for you.

Why is my integrity check failing?

The most common cause is that the file served differs from the content you hashed — even a single changed byte produces a different hash, so re-generate from the exact CDN file. A missing crossorigin attribute or a CDN that does not send the Access-Control-Allow-Origin header will also make verification fail. Most major CDNs (jsDelivr, cdnjs, unpkg) already support CORS.

Can I add SRI to a CDN script?

Yes — that is the main use case. Generate the hash from the CDN file's content, paste in the resource URL, and copy the ready-made tag. The SRI spec also allows multiple hashes in one tag separated by spaces (for example sha256-… sha384-…); this tool produces one hash at a time, which you can combine manually if you want fallbacks.

Subresource Integrity (SRI) allows browsers to verify that resources loaded from CDNs or third-party servers have not been tampered with. Paste the file content below to generate an integrity hash, then add it to your HTML tag.

Resource URL Optional
Content
Output

Paste content or enter a URL to generate SRI hash

Integrity Hash
HTML
Paste the exact file content from the CDN resource to generate a matching hash
SHA-384 is the recommended algorithm for SRI and is selected by default
Enter a resource URL to get a ready-to-use HTML tag with the integrity attribute
The tag type auto-detects from the URL extension — .js for script, .css for link
All hashing happens in your browser — your content never leaves your device
Want to learn more? Read documentation →
1/6
Start typing to search...
Searching...
No results found
Try searching with different keywords