Subresource Integrity (SRI) and Cookiebot

Comments

5 comments

  • Official comment
    Avatar
    Brian Mørkeberg Lundkvist

    Enabling SRI on our solution is registered as a feature request but is currently not on our road map. 

    For now we recommend employing a strong Content Security Policy.

    Comment actions Permalink
  • Avatar
    Juan Palma

    Looking for help with this too. This comes up in PCI vulnerability scans. Rather than implement an SRI hash check on our own, we'd prefer to have SRI natively supported by cookiebot, if possible. 

    0
    Comment actions Permalink
  • Avatar
    Eivind Brown

    We too are looking to address this issue... one of the options being discussed is about us hosting the javascript rather than downloading it from cookie bot. Would cookiebot accept that option?

    0
    Comment actions Permalink
  • Avatar
    Aleksandr Liokumovich

    We got failed (Script Src Integrity Check) PCI scan as well from securitymetrics.

    Any suggestion?

     

    Thanks

    0
    Comment actions Permalink
  • Avatar
    Claus Harup

    Any news on this topic!?!?!?!

    0
    Comment actions Permalink

Please sign in to leave a comment.