Support Subresource Integrity (SRI)

BMoles1

Please implement support for Subresource integrity validation (https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity)

Reason 1 to implement this security measure:
When a resource is referenced on the HTML code with a different domain from which the same HTML was loaded, then a malicious actor could interfere in the DNS resolution on the end user's machine, to make the resource be downloaded from a different location. Thus, a resource referenced with "https://js.hs-scripts.com/***.js" could be downloaded from a malicious server with malicious code. This type of attack can be prevented if HubSpot adds a verification string that allows the browser to confirm that the received asset is the expected one, without alterations.

Reason 2 to implement this security measure:
Even if there is no attack from a malicious actor, security audits raise this security flaw as a vulnerability, causing reputational damage to the people maintaining the website and to the website's owner.


Please provide a solution to this.

4 Replies
cognidox_vittal
Participant

I'll upvote this as lack of SRI support can significantly negatively impact a company's perceived security rating (e.g. when using tools such as SecurityScorecard).

TMaughan
Member

Another upvote here. This has been highlighted by our infrastructure team as a vulnerability.

saran-bm
Member

I would definitely upvote this. This has been highly recommended by our Infra team.

FBalderas3
Member

Fully in favor of this. Implementing Subresource Integrity (SRI) would greatly enhance the integrity and security of website resources.