Limited supportUse with care and provide a fallback when broad support matters.
Metadata and scripts Limited support

Signature-based resource integrity

Signature-based resource integrity verifies a script's provenance by checking that the resource has been signed with a trusted key given by the <script> element's integrity attribute. It is most useful when native HTML semantics or browser capabilities can replace custom implementation work.

Metadata and scriptsSecurity

Overview

Signature-based resource integrity verifies a script's provenance by checking that the resource has been signed with a trusted key given by the <script> element's integrity attribute. It is most useful when native HTML semantics or browser capabilities can replace custom implementation work.

Browser support

Feature Desktop Mobile
Chrome
Edge
Firefox
Safari
Chrome Android
Safari iOS
http.headers.Signature
Experimental
141
141
141
html.elements.script.integrity.ed25519_public_key
Experimental

Signature-based integrity (Ed25519 public key values)
141
141
141
http.headers.Signature-Input
Experimental
141
141
141
http.headers.Unencoded-Digest
Experimental
141
141
141
1+Supported (version) Not supported Has note Sub-feature descriptions sourced from MDN Web Docs (CC BY-SA 2.5)

Syntax

HTML 
<script src="https://cdn.example.com/lib.js"
  integrity="ed25519-[base64-signature]">
</script>

Live demo

Integrity model

Compare hash-based and signature-based trust checks for fetched resources.

PreviewFullscreen

Why signatures help

A signature model can decouple trust from one exact byte-for-byte file version.

PreviewFullscreen

Deployment cost

Stronger trust guarantees usually require key management and signing infrastructure.

PreviewFullscreen

Use cases

  • Control document behavior

    Use Signature-based resource integrity to influence loading, metadata, or script behavior at the document level.

  • Tune performance strategy

    Apply Signature-based resource integrity when earlier resource hints or document settings improve startup or runtime behavior.

Cautions

  • Test Signature-based resource integrity in your target browsers and input environments before depending on it as a primary behavior.
  • Provide a fallback path or acceptable degradation strategy when support is still limited.

Accessibility

  • Make sure Signature-based resource integrity supports the intended task without making the page harder to perceive, understand, or operate.

Related links

Powered by web-features