SRI Hash Generator

Subresource Integrity (SRI) is a web security feature that lets browsers verify that JavaScript and CSS files fetched from CDNs or third-party hosts haven't been tampered with. When you include an integrity attribute on a <script> or <link> tag, the browser computes a cryptographic hash of the downloaded file and compares it to the expected hash — refusing to execute the resource if they don't match.

SRI protects against a critical attack vector: CDN compromise. If an attacker gains access to a CDN and modifies a popular JavaScript library (like jQuery, React, or Bootstrap), every website loading that file gets the malicious version. With SRI, the browser detects the mismatch and blocks execution, preventing supply chain attacks, cryptojacking, and data exfiltration.

This SRI hash generator supports three modes — URL fetching, content pasting, and batch URL processing — plus a verification mode to check existing SRI hashes. It generates hashes using SHA-256, SHA-384 (recommended), or SHA-512, and produces ready-to-use <script> and <link> HTML tags. All hash computation runs in your browser using the Web Crypto API.

1. Choose your input mode — Select "URL" to fetch a resource directly, "Paste Content" to hash file contents you've copied, "Batch URLs" to process multiple resources at once, or "Verify" to check an existing SRI hash.
2. Select your algorithm — Choose SHA-256 (fastest), SHA-384 (recommended — resistant to length extension attacks), or SHA-512 (strongest).
3. Generate the hash — Click "Generate SRI Hash" to compute the integrity hash. The tool produces the hash string, a complete <script> tag, and a <link> tag.
4. Copy and use — Copy the integrity hash alone or the complete HTML tag and add it to your page. Include crossorigin="anonymous" when loading cross-origin resources.

• Multiple input modes — Generate hashes from a URL, pasted file content, batch URLs (one per line), or verify an existing hash against a live resource.
• Three hash algorithms — Choose between SHA-256, SHA-384 (recommended by the W3C), and SHA-512 based on your security requirements.
• Ready-to-use HTML tags — Get complete <script> and <link> tags with the integrity attribute and crossorigin="anonymous" already included.
• Integrity verification — Verify mode fetches a resource and compares its computed hash against an expected SRI string, catching modified or outdated resources.
• Batch processing — Process multiple CDN URLs at once, generating SRI hashes for all your external resources in a single operation.
• 100% client-side hashing — Hash computation uses the browser's native Web Crypto API. File contents are never sent to any server.

• Securing CDN-hosted libraries — Generate SRI hashes for JavaScript libraries (jQuery, React, Vue, Bootstrap) loaded from public CDNs like cdnjs, jsDelivr, or unpkg.
• Content Security Policy compliance — Some CSP configurations require SRI for external scripts. Generate the hashes needed to satisfy require-sri-for directives.
• Supply chain security audits — Verify that the JavaScript and CSS files your site loads from third parties haven't changed unexpectedly.
• CI/CD pipeline integration — Generate SRI hashes as part of your build process to ensure production HTML always references verified resource versions.
• Monitoring CDN integrity — Use the verify mode periodically to check that your CDN resources still match their expected hashes, catching unauthorized modifications.