Many thanks for the suggestion @cndjp. While I’m not too familiar with Subresource, I will check this with the team and report back to you here. Feel free to also submit such a feature request over on the plugin’s GitHub repository.
Note also that Site Kit may not require Subresource Integrity as it generates unique, minified, and bundled JavaScript files and file hashing for each release. I will, however, check this with the team and report back to you here.
One other thing to note: on the front end of a site, the only external scripts that are requested are the scripts for the Google services you wish to connect (i.e. Google Analytics, Ads, AdSense, etc.). There are no Site Kit externally hosted scripts requested. We do have a feature being worked on that will allow for these scripts to be hosted locally.
Thanks again, and I will report back to you here with an update.
Thread Starter
cndjp
(@cndjp)
Thanks a lot!
You’re right, there is no SRI verification possible, since the file is frequently changed.
OK, then the solution seems to be the local hosting of the scripts.
Have a nice day