css,html,bootstrap with integrity link

Question

Do i need to put integrity link for bootstrap cdn in html file? or can i just put

<link rel=“stylesheet” type=“text/css” href=“https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css“>? 

What would be a difference?

Thank you.

Answer 1

integrity is something which the browser uses to verify that the downloaded file is what was expected. You're free to drop it as it has no impact on the download of the resource itself. It's merely a security feature to ensure that the hosted file you're pulling into your application isn't maliciously modified - it ensures the files your users end up with is the file you as a developer intended for them to receive.

You can read more about it here: What are the integrity and crossorigin attribute?

Answer 2

check this :

https://developer.mozilla.org/en/docs/Web/HTML/Element/script

Using Content Delivery Networks (CDNs) to host files such as scripts and stylesheets that are shared among multiple sites can improve site performance and conserve bandwidth. However, using CDNs also comes with a risk, in that if an attacker gains control of a CDN, the attacker can inject arbitrary malicious content into files on the CDN (or replace the files completely) and thus can also potentially attack all sites that fetch files from that CDN.

The Subresource Integrity feature enables you to mitigate the risk of attacks such as this, by ensuring that the files your Web application or Web document fetches (from a CDN or anywhere) have been delivered without a third-party having injected any additional content into those files — and without any other changes of any kind at all having been made to those files.

Read more here :

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity