Back in January, Firefox’s Security & Privacy Newsletter for 2025 Q4 piqued my interest with this mention:

Integrity-Policy: Firefox 145 has added support for the Integrity-Policy response header. The header allows websites to ensure that only scripts with an integrity attribute will load.

A new security header! That’s right up my street: I’ve cared about getting security headers right since 2018, when I created django-permissions-policy to set the Permissions-Policy header. (At the time, it was called Feature-Policy: why they changed it, I can’t say, people just liked it better that way.)

The new Integrity-Policy header helps with subresource integrity, a tool for securely including third-party scripts and stylesheets on your website. Browsers support the integrity attribute on <script> and <link> tags, which allows you to specify a hash of the expected content, like:

<script src=https://cdn.jsdelivr.net/npm/htmx.org@4.0.0-beta4/dist/htmx.min.js…
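
To make the integrity attribute described above concrete, here is an added example (not code from the original post) that computes an integrity value, checks content against one, and lists the external scripts in a page that carry no integrity attribute and so would not load under the policy. The function names and the cdn.example URLs are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

ALGORITHMS = ("sha256", "sha384", "sha512")  # SRI hash functions, weakest first


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Build an integrity value: '<algorithm>-<base64 of the raw digest>'."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def integrity_matches(content: bytes, integrity: str) -> bool:
    """Check content against the strongest algorithm listed in the attribute."""
    by_algorithm = {}
    for token in integrity.split():
        algorithm, _, value = token.split("?", 1)[0].partition("-")
        if algorithm in ALGORITHMS and value:
            by_algorithm.setdefault(algorithm, set()).add(value)
    if not by_algorithm:
        return False  # no usable hash: this audit treats that as a failure
    strongest = max(by_algorithm, key=ALGORITHMS.index)
    expected = sri_hash(content, strongest).partition("-")[2]
    return expected in by_algorithm[strongest]


class _ScriptAudit(HTMLParser):
    """Collect the src of every external script that has no integrity value."""

    def __init__(self):
        super().__init__()
        self.missing = []

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        if tag == "script" and attributes.get("src") and not attributes.get("integrity"):
            self.missing.append(attributes["src"])


def scripts_without_integrity(html: str) -> list[str]:
    audit = _ScriptAudit()
    audit.feed(html)
    return audit.missing


# Constructed sample: one pinned script, one that the policy would refuse.
SCRIPT = b"console.log('hello');"
PAGE = (f'<script src="https://cdn.example/a.js" integrity="{sri_hash(SCRIPT)}"'
        ' crossorigin="anonymous"></script><script src="https://cdn.example/b.js"></script>')
print(scripts_without_integrity(PAGE))
```

Running an audit like this over rendered templates before enabling the header shows which script tags still need a hash.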