Auto SRI automatically adds Subresource Integrity (SRI) attributes to scripts and styles loaded from external sources.
This improves security, protects against tampering, and enables strict Content Security Policy (CSP) setups.
Features
- ✔ Adds SRI to all external
<script>and<link>tags - ✔ Supports WordPress-enqueued assets and raw HTML tags
- ✔ Supports async, defer, crossorigin, and multiline script tags
- ✔ Caches all hashes for performance
- ✔ Excludes admin panel (wp-admin) to prevent conflicts
- ✔ Automatically skips non-SRI-compatible providers:
- Google reCAPTCHA
- Google Fonts (fonts.googleapis.com / fonts.gstatic.com)
- WordPress.com widgets (widgets.wp.com)
- Dynamic concatenated resources
- Dynamic script loaders and runtime-inserted scripts
- ✔ Safe for Elementor, WooCommerce, CookieYes, Jetpack, GoDaddy hosting, etc.
Why some scripts are excluded
This plugin automatically excludes:
- Google reCAPTCHA (
google.com/recaptcha) - Google Fonts stylesheets (
fonts.googleapis.com) - Google Fonts font files (
fonts.gstatic.com) - WordPress.com widgets (
widgets.wp.com) - Dynamic concatenated resources (
/_static/??) - Other dynamic inline loaders (CookieYes, wsimg, ywxi, etc.)
Want to whitelist a dynamic provider? Contact us at izafirsk@gmail.com.
* Other dynamic inline loaders (CookieYes, wsimg, ywxi, etc.)
Want to whitelist a dynamic provider? Contact us at izafirsk@gmail.com.
These exclusions prevent:
- CORS failures
- Integrity mismatch blocking
- Google reCAPTCHA from breaking
- Google Fonts from disappearing
- Layout shifts caused by blocked assets
