Signature-based resource integrity | Frontend Practical Guide

Browser support

Feature	Desktop				Mobile
Feature	Chrome	Edge	Firefox	Safari	Chrome Android	Safari iOS
`http.headers.Signature` Experimental	141	141			141
`html.elements.script.integrity.ed25519_public_key` Experimental Signature-based integrity (Ed25519 public key values)	141	141			141
`http.headers.Signature-Input` Experimental	141	141			141
`http.headers.Unencoded-Digest` Experimental	141	141			141

1+Supported (version) Not supported ※Has note Sub-feature descriptions sourced from MDN Web Docs (CC BY-SA 2.5)

HTML

<script src="https://cdn.example.com/lib.js"
  integrity="ed25519-[base64-signature]">
</script>

Compare hash-based and signature-based trust checks for fetched resources.

A signature model can decouple trust from one exact byte-for-byte file version.

Stronger trust guarantees usually require key management and signing infrastructure.

Control document behavior

Use Signature-based resource integrity to influence loading, metadata, or script behavior at the document level.
Tune performance strategy

Apply Signature-based resource integrity when earlier resource hints or document settings improve startup or runtime behavior.

Test Signature-based resource integrity in your target browsers and input environments before depending on it as a primary behavior.
Provide a fallback path or acceptable degradation strategy when support is still limited.