Unsafe Implementation Of Subresource Integrity error
Hello Team,
We are using this plugin on our website https://www.brufen.com/, but when we scan the website with the scorecard scanner, it shows an “Unsafe Implementation Of Subresource Integrity” error for the https://static.addtoany.com/menu/page.js JavaScript file. We request that you please check this error and resolve it.
Error Description:
Subresource Integrity (SRI) is a security feature in web development designed to ensure the integrity of externally loaded resources on a webpage. These include scripts, stylesheets, and fonts. With SRI, developers include a cryptographic hash of the expected resource content in the HTML. When a user visits the webpage, the browser checks this hash against the actual content fetched from the external source. If the hashes match, that means the resource hasn’t been tampered with or compromised.
Risk
Without SRI, externally loaded resources, like scripts and stylesheets, lack integrity verification. This makes them susceptible to tampering. This creates a potential avenue for attackers to inject malicious scripts, which leads to Cross-Site Scripting (XSS) vulnerabilities, unauthorized data access, and other security threats.
Recommendations
– Ensure accurate cryptographic hashes are specified for all externally loaded resources using SRI attributes in the HTML.
– Routinely review and update cryptographic hashes to align with changes in resource content.
– Implement robust input validation and sanitization practices to prevent injection attacks.
– Use CSP to restrict resource sources. This adds an extra layer of control over content execution.
– Conduct regular security audits and penetration testing to promptly identify and address vulnerabilities.
Please look into this error and help us resolve it. If you need any other information from our side, let us know and we will provide it.
Thanks
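The check that the error description above attributes to the browser can be reproduced offline. This is an added example, not part of the original post or the plugin's code: it builds an integrity value and reports each cross-origin script or stylesheet as missing one, missing `crossorigin`, matching, or mismatching (the state a pinned hash falls into when the provider changes the file). The `audit_sri` helper, the `example.*` hosts and the file contents are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

ALGS = ("sha256", "sha384", "sha512")  # the digests SRI accepts

def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Build an integrity value: '<alg>-<base64 of the raw digest>'."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, content).digest()).decode()}"

class _Tags(HTMLParser):
    """Collect (url, attributes) for <script src> and stylesheet <link href>."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split()
        ref = a.get("src") if tag == "script" else a.get("href") if is_css else None
        if ref:
            self.found.append((ref, a))

def audit_sri(html: str, page_url: str, bodies: dict) -> dict:
    """Return {url: finding}; bodies (URL -> bytes) stands in for the network fetch."""
    parser = _Tags()
    parser.feed(html)
    report = {}
    for ref, attrs in parser.found:
        url = urljoin(page_url, ref)
        if urlsplit(url)[:2] == urlsplit(page_url)[:2]:
            continue  # same origin: not an externally loaded resource
        declared = [v for v in (attrs.get("integrity") or "").split() if v[:6] in ALGS]
        if not declared:
            report[url] = "missing-integrity"
        elif "crossorigin" not in attrs:
            report[url] = "missing-crossorigin"  # the integrity check needs a CORS fetch
        else:
            best = max(v[:6] for v in declared)  # only the strongest declared alg counts
            report[url] = "ok" if sri_hash(bodies[url], best) in declared else "hash-mismatch"
    return report

# Constructed sample: hosts, paths and file contents are invented for this example.
LIB, LIB_V1, LIB_V2 = "https://cdn.example.net/lib.js", b"console.log('v1');", b"console.log('v2');"
PAGE = f"""<script async src="https://static.example.net/menu/page.js"></script>
<script src="{LIB}" integrity="{sri_hash(LIB_V1)}" crossorigin="anonymous"></script>
<link rel="stylesheet" href="/site.css">"""
if __name__ == "__main__":
    print(audit_sri(PAGE, "https://www.example.com/", {LIB: LIB_V2}))
```

A `hash-mismatch` finding corresponds to the browser refusing to run the resource, which is why the recommendations above call for updating hashes whenever the resource content changes.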