{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:29:16Z","timestamp":1759091356616,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,4,20]],"date-time":"2020-04-20T00:00:00Z","timestamp":1587340800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,4,20]]},"DOI":"10.1145\/3366423.3380092","type":"proceedings-article","created":{"date-parts":[[2020,5,4]],"date-time":"2020-05-04T08:11:44Z","timestamp":1588579904000},"page":"34-45","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["An Empirical Study of the Use of Integrity Verification Mechanisms for Web Subresources"],"prefix":"10.1145","author":[{"given":"Bertil","family":"Chapuis","sequence":"first","affiliation":[{"name":"UNIL-HEC Lausanne, Switzerland"}]},{"given":"Olamide","family":"Omolola","sequence":"additional","affiliation":[{"name":"TU Graz, Austria"}]},{"given":"Mauro","family":"Cherubini","sequence":"additional","affiliation":[{"name":"UNIL-HEC Lausanne, Switzerland"}]},{"given":"Mathias","family":"Humbert","sequence":"additional","affiliation":[{"name":"armasuisse S+T, Switzerland"}]},{"given":"K\u00e9vin","family":"Huguenin","sequence":"additional","affiliation":[{"name":"UNIL-HEC Lausanne, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2020,4,20]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_1_2_1","volume-title":"Proc. of the USENIX Security Symp. (USENIX Security). USENIX, Washington D.C., USA, 257\u2013272","author":"Akhawe Devdatta","year":"2013","unstructured":"Devdatta Akhawe and Adrienne\u00a0Porter Felt . 2013 . Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness .. In Proc. of the USENIX Security Symp. (USENIX Security). USENIX, Washington D.C., USA, 257\u2013272 . Devdatta Akhawe and Adrienne\u00a0Porter Felt. 2013. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.. In Proc. of the USENIX Security Symp. (USENIX Security). USENIX, Washington D.C., USA, 257\u2013272."},{"key":"#cr-split#-e_1_3_2_1_3_1.1","doi-asserted-by":"crossref","unstructured":"A. Anis M. Zulkernine S. Iqbal C. Liem and C. Chambers. 2018. Securing Web Applications with Secure Coding Practices and Integrity Verification. In Proc. of the IEEE Int'l Conf. on Dependable Autonomic and Secure Computing Int'l Conf on Pervasive Intelligence and Computing 4th Int'l Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC\/PiCom\/DataCom\/CyberSciTech). IEEE Athens Greece 618-625. https:\/\/doi.org\/10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00112 10.1109\/DASC","DOI":"10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00112"},{"key":"#cr-split#-e_1_3_2_1_3_1.2","doi-asserted-by":"crossref","unstructured":"A. Anis M. Zulkernine S. Iqbal C. Liem and C. Chambers. 2018. Securing Web Applications with Secure Coding Practices and Integrity Verification. In Proc. of the IEEE Int'l Conf. on Dependable Autonomic and Secure Computing Int'l Conf on Pervasive Intelligence and Computing 4th Int'l Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC\/PiCom\/DataCom\/CyberSciTech). IEEE Athens Greece 618-625. https:\/\/doi.org\/10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00112","DOI":"10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00112"},{"key":"e_1_3_2_1_4_1","volume-title":"Proc. of the Int\u2019l Conf. on Financial Cryptography and Data Security (FC), Jens Grossklags and Bart Preneel (Eds.). Springer, Christ Church, Barbados, 441\u2013459","author":"Arshad Sajjad","year":"2016","unstructured":"Sajjad Arshad , Amin Kharraz , and William Robertson . 2016 . Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions . In Proc. of the Int\u2019l Conf. on Financial Cryptography and Data Security (FC), Jens Grossklags and Bart Preneel (Eds.). Springer, Christ Church, Barbados, 441\u2013459 . https:\/\/doi.org\/10.1007\/978-3-662-54970-4_26 10.1007\/978-3-662-54970-4_26 Sajjad Arshad, Amin Kharraz, and William Robertson. 2016. Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions. In Proc. of the Int\u2019l Conf. on Financial Cryptography and Data Security (FC), Jens Grossklags and Bart Preneel (Eds.). Springer, Christ Church, Barbados, 441\u2013459. https:\/\/doi.org\/10.1007\/978-3-662-54970-4_26"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186090"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2014.23006"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jlap.2013.05.001"},{"key":"e_1_3_2_1_8_1","volume-title":"Revert \u2018require-Sri-For\u2018 from the SRI Recommendation. https:\/\/github.com\/w3c\/webappsec-subresource-integrity\/pull\/82, last visited","author":"Braun Frederik","year":"2019","unstructured":"Frederik Braun . 2019. Revert \u2018require-Sri-For\u2018 from the SRI Recommendation. https:\/\/github.com\/w3c\/webappsec-subresource-integrity\/pull\/82, last visited : Oct. 2019 . Frederik Braun. 2019. Revert \u2018require-Sri-For\u2018 from the SRI Recommendation. https:\/\/github.com\/w3c\/webappsec-subresource-integrity\/pull\/82, last visited: Oct. 2019."},{"key":"e_1_3_2_1_9_1","volume-title":"Cap and Benjamin Leiding","author":"H.","year":"2018","unstructured":"Clemens\u00a0 H. Cap and Benjamin Leiding . 2018 . Ensuring Resource Trust and Integrity in Web Browsers Using Blockchain Technology. In Advanced Information Systems Engineering Workshops(Lecture Notes in Business Information Processing), Raimundas Matulevi\u010dius and Remco Dijkman (Eds.). Springer , 115\u2013125. Clemens\u00a0H. Cap and Benjamin Leiding. 2018. Ensuring Resource Trust and Integrity in Web Browsers Using Blockchain Technology. In Advanced Information Systems Engineering Workshops(Lecture Notes in Business Information Processing), Raimundas Matulevi\u010dius and Remco Dijkman (Eds.). Springer, 115\u2013125."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243746"},{"key":"e_1_3_2_1_11_1","volume-title":"SRI-Monitor: Subresource Integrity Monitor. https:\/\/github.com\/ciscocsirt\/SRI-Monitor, last visited","author":"Cisco CSIRT.","year":"2019","unstructured":"Cisco CSIRT. 2019. SRI-Monitor: Subresource Integrity Monitor. https:\/\/github.com\/ciscocsirt\/SRI-Monitor, last visited : Oct. 2019 . Cisco CSIRT. 2019. SRI-Monitor: Subresource Integrity Monitor. https:\/\/github.com\/ciscocsirt\/SRI-Monitor, last visited: Oct. 2019."},{"key":"e_1_3_2_1_12_1","unstructured":"Common Crawl. 2019. Common Crawl. https:\/\/commoncrawl.org\/.  Common Crawl. 2019. Common Crawl. https:\/\/commoncrawl.org\/."},{"key":"e_1_3_2_1_13_1","volume-title":"Statistics of Common Crawl Monthly Archives. https:\/\/commoncrawl.github.io\/cc-crawl-statistics\/, last visited","author":"Crawl Common","year":"2019","unstructured":"Common Crawl . 2019. Statistics of Common Crawl Monthly Archives. https:\/\/commoncrawl.github.io\/cc-crawl-statistics\/, last visited : Oct. 2019 . Common Crawl. 2019. Statistics of Common Crawl Monthly Archives. https:\/\/commoncrawl.github.io\/cc-crawl-statistics\/, last visited: Oct. 2019."},{"key":"e_1_3_2_1_14_1","volume-title":"Major Sites Running Unauthenticated JavaScript on Their Payment Pages. https:\/\/shkspr.mobi\/blog\/2018\/11\/major-sites-running-unauthenticated-javascript-on-their-payment-pages\/, last visited","author":"Eden Terence","year":"2019","unstructured":"Terence Eden . 2018. Major Sites Running Unauthenticated JavaScript on Their Payment Pages. https:\/\/shkspr.mobi\/blog\/2018\/11\/major-sites-running-unauthenticated-javascript-on-their-payment-pages\/, last visited : Oct. 2019 . Terence Eden. 2018. Major Sites Running Unauthenticated JavaScript on Their Payment Pages. https:\/\/shkspr.mobi\/blog\/2018\/11\/major-sites-running-unauthenticated-javascript-on-their-payment-pages\/, last visited: Oct. 2019."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357219"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39884-1_5"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702442"},{"key":"e_1_3_2_1_18_1","volume-title":"Proc. of the USENIX Security Symp. (USENIX Security). USENIX","author":"Felt Adrienne\u00a0Porter","year":"2017","unstructured":"Adrienne\u00a0Porter Felt , Richard Barnes , April King , Chris Palmer , Chris Bentzel , and Parisa Tabriz . 2017 . Measuring HTTPS Adoption on the Web . In Proc. of the USENIX Security Symp. (USENIX Security). USENIX , Vancouver, BC, Canada, 16. Adrienne\u00a0Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. 2017. Measuring HTTPS Adoption on the Web. In Proc. of the USENIX Security Symp. (USENIX Security). USENIX, Vancouver, BC, Canada, 16."},{"key":"e_1_3_2_1_19_1","volume-title":"Grunt-Sri: SRI Plug-in for Grunt. https:\/\/github.com\/neftaly\/grunt-sri, last visited","author":"Hernandez Neftaly","year":"2019","unstructured":"Neftaly Hernandez . 2019. Grunt-Sri: SRI Plug-in for Grunt. https:\/\/github.com\/neftaly\/grunt-sri, last visited : Oct. 2019 . Neftaly Hernandez. 2019. Grunt-Sri: SRI Plug-in for Grunt. https:\/\/github.com\/neftaly\/grunt-sri, last visited: Oct. 2019."},{"key":"e_1_3_2_1_20_1","volume-title":"Cisco Umbrella 1 Million. https:\/\/umbrella.cisco.com\/blog\/2016\/12\/14\/cisco-umbrella-1-million\/, last visited","author":"Hubbard Dan","year":"2019","unstructured":"Dan Hubbard . 2019. Cisco Umbrella 1 Million. https:\/\/umbrella.cisco.com\/blog\/2016\/12\/14\/cisco-umbrella-1-million\/, last visited : Oct 2019 . Dan Hubbard. 2019. Cisco Umbrella 1 Million. https:\/\/umbrella.cisco.com\/blog\/2016\/12\/14\/cisco-umbrella-1-million\/, last visited: Oct 2019."},{"key":"e_1_3_2_1_21_1","unstructured":"Internet Archive. 2019. Wayback Machine. https:\/\/web.archive.org\/.  Internet Archive. 2019. Wayback Machine. https:\/\/web.archive.org\/."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.2016.0644"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2016.033"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00060"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052686"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23414"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.23919\/CYCON.2018.8405025"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1177\/1525822X980100020301"},{"key":"e_1_3_2_1_29_1","volume-title":"Single Page Web Applications: JavaScript End-to-End","author":"Mikowski Michael","unstructured":"Michael Mikowski and Josh Powell . 2013. Single Page Web Applications: JavaScript End-to-End ( 1 st ed.). Manning Publications Co. , Greenwich, CT, USA . Michael Mikowski and Josh Powell. 2013. Single Page Web Applications: JavaScript End-to-End (1st ed.). Manning Publications Co., Greenwich, CT, USA.","edition":"1"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2014.09.014"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329841"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_33_1","volume-title":"Sprockets-Rails: SRI Plug-in for Rails. https:\/\/github.com\/rails\/sprockets-rails, last visited","author":"Peek Joshua","year":"2019","unstructured":"Joshua Peek . 2019. Sprockets-Rails: SRI Plug-in for Rails. https:\/\/github.com\/rails\/sprockets-rails, last visited : Oct. 2019 . Joshua Peek. 2019. Sprockets-Rails: SRI Plug-in for Rails. https:\/\/github.com\/rails\/sprockets-rails, last visited: Oct. 2019."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174086"},{"key":"e_1_3_2_1_35_1","volume-title":"Proc. of the Symp. on Networked Systems Design and Implementation (NSDI). USENIX","author":"Roesner Franziska","year":"2012","unstructured":"Franziska Roesner , Tadayoshi Kohno , and David Wetherall . 2012 . Detecting and Defending Against Third-Party Tracking on the Web . In Proc. of the Symp. on Networked Systems Design and Implementation (NSDI). USENIX , San Jose, CA, USA, 14. Franziska Roesner, Tadayoshi Kohno, and David Wetherall. 2012. Detecting and Defending Against Third-Party Tracking on the Web. In Proc. of the Symp. on Networked Systems Design and Implementation (NSDI). USENIX, San Jose, CA, USA, 14."},{"volume-title":"The Coding Manual for Qualitative Researchers","author":"Salda\u00f1a Johnny","key":"e_1_3_2_1_36_1","unstructured":"Johnny Salda\u00f1a . 2015. The Coding Manual for Qualitative Researchers . Sage, Arizona State University, USA. Johnny Salda\u00f1a. 2015. The Coding Manual for Qualitative Researchers. Sage, Arizona State University, USA."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-05918-7_21"},{"key":"e_1_3_2_1_38_1","volume-title":"Webpack-Subresource-Integrity: SRI Plug-in for Webpack. https:\/\/github.com\/waysact\/webpack-subresource-integrity, last visited","author":"Scheid Julian","year":"2019","unstructured":"Julian Scheid . 2019. Webpack-Subresource-Integrity: SRI Plug-in for Webpack. https:\/\/github.com\/waysact\/webpack-subresource-integrity, last visited : Oct. 2019 . Julian Scheid. 2019. Webpack-Subresource-Integrity: SRI Plug-in for Webpack. https:\/\/github.com\/waysact\/webpack-subresource-integrity, last visited: Oct. 2019."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2018.092474"},{"key":"e_1_3_2_1_40_1","first-page":"5","article-title":"Securing Third-Party Web Resources Using Subresource Integrity Automation","volume":"4","author":"Shah N","year":"2017","unstructured":"Ronak\u00a0 N Shah and Kailas\u00a0 R Patil . 2017 . Securing Third-Party Web Resources Using Subresource Integrity Automation . International Journal on Emerging Trends in Technology 4 , 2 (2017), 5 . Ronak\u00a0N Shah and Kailas\u00a0R Patil. 2017. Securing Third-Party Web Resources Using Subresource Integrity Automation. International Journal on Emerging Trends in Technology 4, 2 (2017), 5.","journal-title":"International Journal on Emerging Trends in Technology"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-62105-0_8"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813710"},{"key":"e_1_3_2_1_43_1","volume-title":"Proc. of the IEEE Symp. on Security and Privacy (S&P). IEEE","author":"Stark E.","year":"2019","unstructured":"E. Stark , R. Sleevi , R. Muminovic , D. O\u2019Brien , E. Messeri , A. Felt , B. McMillion , and P. Tabriz . 2019. Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate . In Proc. of the IEEE Symp. on Security and Privacy (S&P). IEEE , Los Alamitos, CA, USA, 463\u2013478. https:\/\/doi.org\/10.1109\/SP. 2019 .00027 10.1109\/SP.2019.00027 E. Stark, R. Sleevi, R. Muminovic, D. O\u2019Brien, E. Messeri, A. Felt, B. McMillion, and P. Tabriz. 2019. Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate. In Proc. of the IEEE Symp. on Security and Privacy (S&P). IEEE, Los Alamitos, CA, USA, 463\u2013478. https:\/\/doi.org\/10.1109\/SP.2019.00027"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00021"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3019612.3019798"},{"key":"e_1_3_2_1_46_1","unstructured":"W3C. 2016. Subresource Integrity. https:\/\/www.w3.org\/TR\/SRI\/.  W3C. 2016. Subresource Integrity. https:\/\/www.w3.org\/TR\/SRI\/."},{"key":"e_1_3_2_1_47_1","volume-title":"Signed Content Should Include Resource Names. https:\/\/github.com\/mikewest\/signature-based-sri\/issues\/5, last visited","author":"West Mike","year":"2019","unstructured":"Mike West . 2017. Signed Content Should Include Resource Names. https:\/\/github.com\/mikewest\/signature-based-sri\/issues\/5, last visited : Oct. 2019 . Mike West. 2017. Signed Content Should Include Resource Names. https:\/\/github.com\/mikewest\/signature-based-sri\/issues\/5, last visited: Oct. 2019."}],"event":{"name":"WWW '20: The Web Conference 2020","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Taipei Taiwan","acronym":"WWW '20"},"container-title":["Proceedings of The Web Conference 2020"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3366423.3380092","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3366423.3380092","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:33:17Z","timestamp":1750199597000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3366423.3380092"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,20]]},"references-count":48,"alternative-id":["10.1145\/3366423.3380092","10.1145\/3366423"],"URL":"https:\/\/doi.org\/10.1145\/3366423.3380092","relation":{},"subject":[],"published":{"date-parts":[[2020,4,20]]},"assertion":[{"value":"2020-04-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}