Subresource integrity not in use #1250

@gainsley


Subresource integrity is an HTML feature that uses cryptographic hashes to protect against unauthorized tampering with JavaScript files. The developer adds the integrity attribute to each <script> tag, and this attribute's value is the expected hash of the referenced script. After downloading the script, the browser compares its hash to the one specified in the integrity attribute. If the 2 do not match, an error is raised and the script is not executed.

Recommendation:

For each first-party JavaScript file, calculate the script's cryptographic hash and add the integrity attribute to the corresponding <script> tag. Do the same for all third-party JavaScript files that are stable and not subject to live updates by the maintainer.
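The recommendation above as an added example (not code from the issue or the project): a Node.js build step that computes each script's hash and writes the `integrity` attribute, plus the comparison the browser makes after download. The file names, file contents and helper names (`sriHash`, `addIntegrity`, `integrityMatches`) are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Attribute value format: "<alg>-<base64 digest>" (sha256, sha384 or sha512).
function sriHash(content, alg = 'sha384') {
  return `${alg}-${nodeCrypto.createHash(alg).update(content).digest('base64')}`;
}

// Add integrity to every <script src> whose bytes are known at build time.
// `files` maps src -> file content; unknown or already-pinned tags are untouched.
function addIntegrity(html, files) {
  return html.replace(/<script\b([^>]*)>/gi, (tag, attrs) => {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src || /\bintegrity\s*=/i.test(attrs) || !files.has(src[1])) return tag;
    // Absolute URLs are treated as cross-origin here; such scripts must be
    // fetched with CORS for the browser to run the integrity check.
    const cors = /^(https?:)?\/\//i.test(src[1]) && !/\bcrossorigin\b/i.test(attrs)
      ? ' crossorigin="anonymous"' : '';
    return `<script${attrs} integrity="${sriHash(files.get(src[1]))}"${cors}>`;
  });
}

// The comparison the browser makes after download: use the strongest listed
// algorithm and accept if any hash of that algorithm matches the bytes.
function integrityMatches(content, integrity) {
  const order = ['sha256', 'sha384', 'sha512'];
  const algOf = (v) => v.split('-')[0];
  const usable = integrity.trim().split(/\s+/).filter((v) => order.includes(algOf(v)));
  if (usable.length === 0) return true; // no recognised hash: nothing is enforced
  const best = usable.map(algOf).sort((a, b) => order.indexOf(b) - order.indexOf(a))[0];
  return usable.filter((v) => algOf(v) === best).includes(sriHash(content, best));
}

// Constructed sample input.
const APP_JS = 'console.log("app");\n';
const SAMPLE_FILES = new Map([
  ['/js/app.js', APP_JS],
  ['https://cdn.example/lib-1.0.0.js', 'window.lib = {};\n'],
]);
const SAMPLE_HTML = [
  '<script src="/js/app.js"></script>',
  '<script src="https://cdn.example/lib-1.0.0.js"></script>',
  '<script src="/js/live-widget.js"></script>', // updated live upstream, not pinned
].join('\n');

console.log(addIntegrity(SAMPLE_HTML, SAMPLE_FILES));
```

The hash has to be regenerated whenever a pinned file changes, which is why the third tag, standing in for a script subject to live updates, is left without the attribute.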
