Log InSign Up

RUM and subresource integrity (SRI)

How to use subresource integrity with SpeedCurve RUM.

Suggest Edits

Subresource Integrity (SRI) is a browser security feature that enables browsers to verify the contents of any resources it fetches. This feature is normally used by web developers to ensure static resources are delivered by a CDN without being tampered with.

Like most analytics scripts, the contents of the lux.js script change regularly, and changes to the script are coordinated with changes to SpeedCurve's data processing systems. For this reason, SpeedCurve does not support the use of SRI with the lux.js script.

However, it is possible to implement SRI by self-hosting the lux.js script. While SpeedCurve does not officially support self-hosting the lux.js script, our recommended workflow is as follows:

  • Check for lux.js updates on an hourly basis.

  • Review and test any updates internally.

  • Release updates as soon as possible, and no later than one week after the update is detected.

It's important to note that failure to update a self-hosted lux.js script in a timely manner can result in data corruption or complete data loss. If you choose to self-host the lux.js script then you are solely responsible for detecting and rolling out updates to the script.

Updated 6 months ago