Add Subresource Integrity (SRI) Support for External Resources
A
Aira Ariola
This is a platform-level security concern affecting websites hosted on GoHighLevel.
Currently, externally loaded resources (such as scripts, stylesheets, and fonts) do not include Subresource Integrity (SRI) attributes. This causes security scan failures on tools like SecurityScorecard and results in lower domain security ratings (e.g., dropping from an A to a B rating).
SRI is a widely recognized best practice that ensures external resources have not been tampered with. Without it, websites may be more vulnerable to script injection and other security risks.
This limitation is especially impactful for agencies and businesses that:
- Undergo regular security audits
- Serve enterprise or security-conscious clients
- Need to maintain high security ratings for compliance and credibility
At the moment, there is no workaround available at the user level, as this is handled entirely by the platform.
Requested improvements:
- Automatically generate and apply SRI hashes for external resources
- Provide an option to enable/disable SRI at the page or account level
- Allow advanced users to manually define SRI attributes if needed
Implementing SRI support would significantly improve platform security, compliance readiness, and trust for professional users.
Log In