Skip to main content

Subresource Integrity (SRI) and Cookiebot



  • Official comment
    Brian Mørkeberg Lundkvist

    Enabling SRI on our solution is registered as a feature request but is currently not on our road map. 

    For now we recommend employing a strong Content Security Policy.

  • Juan Palma

    Looking for help with this too. This comes up in PCI vulnerability scans. Rather than implement an SRI hash check on our own, we'd prefer to have SRI natively supported by cookiebot, if possible. 

  • Eivind Brown

    We too are looking to address this issue... one of the options being discussed is about us hosting the javascript rather than downloading it from cookie bot. Would cookiebot accept that option?

  • Aleksandr Liokumovich

    We got failed (Script Src Integrity Check) PCI scan as well from securitymetrics.

    Any suggestion?



  • Claus Harup

    Any news on this topic!?!?!?!

  • Chris Lewis

    This is a serious issue for us as well. It's being flagged in pen tests. Any update on the feature request?

  • afasa awa

    We are having the identical trouble on Safari simplest. Since installing Cookiebot, the dropdown menus on our website navigation have stopped running as you can see.

  • Sebastian Meyer

    Is there anything new regarding the feature request? @...

  • Jamyn Shanley

    Same for us. CookieBot is the only reason we're failing our external PCI scan. It's not a good look when a privacy product generates security audit failures. Please implement this feature.

  • Christopher Caulfield

    Hi, we are in the same position, as the Cookiebot script is being flagged in our external PCI scan due to this issue. Would very much want this feature implemented. Thanks.

  • Cristina Costache

    Same for us. CookieBot generates the security audit failures. Please implement this feature.

  • Rortiz

    @... Do you have a solution?

  • Hannah

    Hi all,

    Providing a new status on this: SRI is not currently on Cookiebot's road map, unfortunately.

    We do support CSP,  a different security measure: Cookiebot and Content Security Protocol (CSP)


Please sign in to leave a comment.