Subresource Integrity (SRI) and Cookiebot

Thorsten Dombach

• April 08, 2019 13:34

Hello community,

 

I use Cookiebot for my Website and I want to enable SRI for the Cookiebot scripts loaded during Cookiebot use. Is there a description for that how to do that?

 

Thanks, in advanced.

Best wishes

Thorsten

4

• Official comment

  

  Brian Mørkeberg Lundkvist

  • October 29, 2019 12:38

  Enabling SRI on our solution is registered as a feature request but is currently not on our road map. 

  For now we recommend employing a strong Content Security Policy.
• 

  Juan Palma

  • April 24, 2019 14:47

  Looking for help with this too. This comes up in PCI vulnerability scans. Rather than implement an SRI hash check on our own, we'd prefer to have SRI natively supported by cookiebot, if possible. 

  1
• 

  Claus Harup

  • October 22, 2019 09:10

  Any news on this topic!?!?!?!

  1
• 

  Chris Lewis

  • January 27, 2021 11:08

  This is a serious issue for us as well. It's being flagged in pen tests. Any update on the feature request?

  1
• 

  Jamyn Shanley

  • April 08, 2022 15:04
  • Edited

  Same for us. CookieBot is the only reason we're failing our external PCI scan. It's not a good look when a privacy product generates security audit failures. Please implement this feature.

  1
• 

  Eivind Brown

  • July 22, 2019 09:14

  We too are looking to address this issue... one of the options being discussed is about us hosting the javascript rather than downloading it from cookie bot. Would cookiebot accept that option?

  0
• 

  Aleksandr Liokumovich

  • September 18, 2019 18:17

  We got failed (Script Src Integrity Check) PCI scan as well from securitymetrics.

  Any suggestion?

   

  Thanks

  0
• 

  afasa awa

  • May 03, 2021 21:51

  We are having the identical trouble on Safari simplest. Since installing Cookiebot, the dropdown menus on our website navigation have stopped running as you can see.

  0
• 

  Sebastian Meyer

  • March 31, 2022 11:44

  Is there anything new regarding the feature request? Brian Mørkeberg Lundkvist

  0
• 

  Christopher Caulfield

  • April 25, 2022 11:20

  Hi, we are in the same position, as the Cookiebot script is being flagged in our external PCI scan due to this issue. Would very much want this feature implemented. Thanks.

  0
• 

  Cristina Costache

  • November 02, 2022 08:06

  Same for us. CookieBot generates the security audit failures. Please implement this feature.

  0
• 

  Rortiz

  • January 04, 2023 23:49

  Brian Mørkeberg Lundkvist Do you have a solution?

  

  0
• 

  Hannah

  • January 11, 2023 11:43
  • Edited

  Hi all,

  Providing a new status on this: SRI is not currently on Cookiebot's road map, unfortunately.

  We do support CSP,  a different security measure: Cookiebot and Content Security Protocol (CSP)

  0

Please sign in to leave a comment.