0Pricing
HTML Academy · Lesson

HTTPS and Subresource Integrity

Verify external resource integrity with the integrity attribute.

Why HTTPS Everywhere

HTTPS encrypts data in transit and authenticates the server. Without HTTPS, attackers on the same network (cafe wifi, ISP, state actor) can read every byte and inject malicious content into responses. Modern browsers mark HTTP pages as "Not Secure" and many APIs (camera, geolocation, service workers) refuse to work over HTTP.

Mixed Content

Loading HTTP resources from an HTTPS page is mixed content. The browser blocks active mixed content (scripts, iframes, stylesheets) outright and warns about passive (images). Always load every resource over HTTPS; use protocol-relative URLs (//cdn.example.com) or absolute https://.

All lessons in this course

  1. Content Security Policy meta http-equiv
  2. XSS via innerHTML and How to Prevent It
  3. iframe Sandboxing and Permissions Policy
  4. HTTPS and Subresource Integrity
← Back to HTML Academy