Black Friday sale! Get up to 25% off GP Premium! Learn more ➝

[Resolved] Subresource Integrity (SRI) – Google Fonts

Home Forums Support [Resolved] Subresource Integrity (SRI) – Google Fonts

Home Forums Support Subresource Integrity (SRI) – Google Fonts

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
  • #1148064

    hope everyone are good!
    Im a bit frustrated here, when running a scan test on my website i get this message (translated from swedish)

    Subresource Integrity (SRI) not implemented, and external soruces where loaded over HTTP or protocolrelated URLS via src=”//…”

    Following 3:rd party source where loaded without SRI:

    When running inspect page in broswer and searching im getting this:
    <link rel=”stylesheet” id=”SP_EAP-google-web-fonts-sp_eap_shortcode_options-css” href=”//″ type=”text/css” media=”all”>

    Status-Check on site:
    HTTPS Standard

      Certificate: valid and trusted
      The connection to this site is using a valid, trusted server certificate issued by Let’s Encrypt Authority X3.

      Connection: secure connection settings
      The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_RSA with X25519, and AES_128_GCM.

      Resources: all served securely
      All resources on this page are served securely.

    HTTP Strict Transport Security (HSTS)
    Pass/No issue – max-age=63072000; includeSubDomains

    Hoping you could help me with this,


    I´m not a Generatepress team member.
    This can´t be solved cause google fonts returns personalized css related to the UA.
    You can read about the issue here:
    A workaround is to put fonts locally and then generate the SRI, but you lose these customized css.

    Customer Support

    Thanks Longinos for responding.
    Out of interest which ‘Scan test’ were you performing?


    Many thanks Longinos,
    Dont know why but im a bit “scared” or how to say it about my test displaying “3rd party” cookies.
    Dont know why, seems bad?

    David – Im performing this test on a swedish based website:

    If you but website address you can run a test.
    You will still get the “services” in english and the main result for each component in english
    So you will be able to relate 🙂


    Hi Patrik
    If you use 3rd party resources, maybe you have 3rd party cookies, Google Analitics for example, to say a popular 3rd. party service.


    i really dont have that and only the fonts link.
    After reading i cant find that is within regulations of GDPR (i live in europe)

    Customer Support

    The link for that font doesn’t look like a GP request as i don’t recognise the ID – did you identify what was requesting the font?

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.