Do not let your CDN betray you: Use Subresource Integrity

Mozilla Firefox Developer Edition 43 and other modern browsers help websites to control third-party JavaScript loads and prevent unexpected or malicious modifications. Using a new specification called Subresource Integrity, a website can include JavaScript that will stop working if it has been modified. With this technology, developers can benefit from the performance gains of using Content Delivery Networks (CDNs) without having to fear that a third-party compromise can harm their website.

<script src="https://code.jquery.com/jquery-2.1.4.min.js"
integrity="sha384-R4/ztc4ZlRqWjqIuvf6RX5yb/v90qNGx6fS48N0tRxiGkqveZETq72KgDVJCp2TC"
crossorigin="anonymous"></script>
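As an added example (not code from the original page or from Mozilla), this Python sketch computes an integrity value and reproduces the check a browser applies to it: only hashes of the strongest listed algorithm count, and a body changed in any way fails. The function names and the sample script bodies are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Hash algorithms the SRI specification allows, weakest to strongest.
STRENGTH = ["sha256", "sha384", "sha512"]

# Constructed sample bodies: what the site author reviewed, and what a
# compromised CDN might serve instead.
ORIGINAL = b"window.demo = function () { return 1; };\n"
TAMPERED = ORIGINAL + b"/* injected */\n"


def sri_value(body, alg="sha384"):
    """Return the integrity attribute value for the exact bytes of a resource."""
    digest = hashlib.new(alg, body).digest()
    return alg + "-" + base64.b64encode(digest).decode("ascii")


def parse_integrity(attr):
    """Split an integrity attribute into (alg, digest) pairs, ignoring unknown algorithms."""
    pairs = []
    for token in attr.split():
        expr = token.split("?", 1)[0]  # drop any ?option suffix
        alg, sep, b64 = expr.partition("-")
        if sep and alg in STRENGTH and b64:
            pairs.append((alg, b64))
    return pairs


def verify(body, attr):
    """Apply the browser's rule: the body must match one hash of the strongest algorithm listed."""
    pairs = parse_integrity(attr)
    if not pairs:
        return True  # no usable metadata means no integrity check is enforced
    strongest = max(pairs, key=lambda p: STRENGTH.index(p[0]))[0]
    return any(
        hmac.compare_digest(sri_value(body, alg), alg + "-" + b64)
        for alg, b64 in pairs
        if alg == strongest
    )


if __name__ == "__main__":
    attr = sri_value(ORIGINAL)
    print('integrity="%s"' % attr)
    print("original accepted:", verify(ORIGINAL, attr))
    print("tampered accepted:", verify(TAMPERED, attr))
```

An attribute that lists only unsupported algorithms is treated as absent, so the resource loads unchecked; publish at least one of sha256, sha384 or sha512.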

Preventing Amazon CloudFront hotlinking

  1. Go to CloudFront settings
  2. Edit Distributions settings for a distribution
  3. Go to the Behaviors tab and edit or create a behavior
  4. Set Forward Headers to Whitelist
  5. Add Referer as a whitelisted header
  6. Save the settings in the bottom right corner

Forwarding the header is not enough on its own: make sure your origin also handles the Referer header.

CloudFront cache-control headers missing

To do this, I have the following in my .htaccess file:

Header unset Pragma
FileETag none
Header unset ETag

<FilesMatch "(.*)\.(ico|jpg|jpeg|png|gif|js|css|swf)$">
ExpiresActive on
ExpiresDefault "access plus 1 year"
Header set Cache-Control "max-age=1864000, public"
Header unset Last-Modified
</FilesMatch>