Remediating Cross-Domain Subresource Integrity (SRI) Checks

Erin Conry

Cross-Domain Subresource Integrity (SRI) Checks are scanned as part of the Cross-site Scripting Security Tests used to evaluate the Web Application Security Risk Vector. With this security test, we assess whether external resources include a valid integrity attribute. The grade is based on a weighted observation of vulnerable (no SRI) vs. not vulnerable (has SRI) resources.

Need to fix this?

Avoid loading scripts from third-party resources to prevent exposure to content and JavaScript manipulation by third parties or in case of a network compromise. If loading third-party scripts is necessary, you should use subresource integrity (SRI) tags whenever possible.

How can I check the Cross-Domain Subresource Integrity setting in my web application?

Use Chrome Developer Tools to inspect script tags and confirm the presence of the integrity attribute.

Does this impact my WAS Risk Vector Grade?

Yes.

Possible Grades:
Good: Relevant SRI checks are implemented. (Weight = 0)
Fair: Few or no SRI checks are implemented. (Weight = >0 and 0.1)

What will I see in the Portal?

Issue: Missing integrity attribute
Details: The page does not include an integrity attribute on cross-domain fetching of scripts.
Good to Know: Certain scripts cannot have the integrity attribute set. Learn more about excluded scripts here.

Learn more about subresource integrity (SRI) on the Bitsight blog or refer to Mozilla's developer documentation on Subresource Integrity.
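
The manual check above (inspecting script tags for the integrity attribute) can be automated across a page's HTML. This Python code is an added example, not Bitsight's scanner or code from the original article, and it also flags a case the article does not list: an integrity value on a cross-origin script without a crossorigin attribute. The page URL, sample HTML, and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def sri_value(content: bytes, alg: str = "sha384") -> str:
    # integrity value = "<alg>-" + base64 of the digest over the exact file bytes
    return f"{alg}-{base64.b64encode(hashlib.new(alg, content).digest()).decode()}"

def origin(url: str):
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

class ScriptAudit(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag != "script" or not attrs.get("src"):
            return  # inline scripts have no fetched resource to verify
        url = urljoin(self.page_url, attrs["src"])
        if origin(url) == origin(self.page_url):
            return  # same-origin script, outside the cross-domain check
        hashes = (attrs.get("integrity") or "").split()
        if not any(h.startswith(("sha256-", "sha384-", "sha512-")) for h in hashes):
            self.findings.append((url, "missing integrity"))
        elif "crossorigin" not in attrs:
            # Without a CORS fetch the browser cannot verify a cross-origin response
            self.findings.append((url, "integrity without crossorigin"))

def audit(html: str, page_url: str):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page and origin (assumptions for this example)
PAGE_URL = "https://www.example.com/index.html"
PINNED = sri_value(b"console.log('lib');")
SAMPLE = f"""
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://cdn.example.net/ui.js" integrity="{PINNED}" crossorigin="anonymous"></script>
<script src="//static.example.org/t.js" integrity="{PINNED}"></script>
<script>var inline = 1;</script>
"""
if __name__ == "__main__":
    for url, reason in audit(SAMPLE, PAGE_URL):
        print(f"{reason}: {url}")
```

To pin a real third-party script, pass the exact bytes of the file you reviewed to `sri_value` and place the result in the tag's integrity attribute.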