Does Google AI Overviews use SRI as a ranking input?

No public ranking weight exists, but Google's E-E-A-T evaluation favours sites with strong technical hygiene; SRI is one such signal. Treat it as table-stakes for a high-trust posture, not a magic boost.

Is SRI required for first-party scripts?

No — you control the origin. SRI's threat model is third-party tampering. First-party SRI is harmless and some teams add it for build reproducibility, but it's not necessary.

Why SHA-384 over SHA-256?

SHA-256 has known collision-resistance margin; SHA-384 doubles the margin at minimal byte cost. Future-proofs you against algorithmic advances.

How does SRI interact with HTTP/3?

No interaction. SRI verifies the resource bytes regardless of transport. HTTP/3 only changes how the bytes arrive.

Should I add SRI to inline scripts?

No — inline scripts have no src to hash. For inline-script integrity, use CSP script-src 'sha384-...' directives, which hash the inline content directly.

Subresource Integrity and AI Trust Signals

Subresource Integrity (SRI) is a W3C-standardised mechanism that lets a page declare a cryptographic hash of every external script and stylesheet it loads. For AI search, SRI is one layer of a verifiable trust stack: SRI for sub-resources, C2PA manifests for media provenance, and HTTP Signatures for response integrity. AI engines that prioritise verifiable content treat the presence of these signals as a positive trust input.

TL;DR

SRI alone won't make an AI engine cite you. But the absence of integrity signals across your sub-resources, media, and HTTP responses is increasingly read as a low-trust signal by engines that care about provenance (Perplexity's "verified sources" experiments, Google AI Overviews' E-E-A-T-aware ranking layers). Ship SRI for every external script, C2PA for every original image and video, and consider HTTP Signatures for high-value API responses. Treat them as the cryptographic equivalent of a press credential.

What SRI is

Subresource Integrity is a W3C Recommendation that defines an integrity attribute on