Oct 22, 2018

Security concerns of hosted JavaScript

Hosting a widely-referenced piece of JavaScript introduces its own security concerns, because any change to that JavaScript will immediately affect all websites that reference it. It’s extremely important that the JavaScript hosted on your web site not be modified by an attacker.
JavaScript file that was served over an insecure connection can be rewriten and turn visitors’ browsers into attack bots. Any network, from a coffee shop to a global ISP, can easily attack insecure connections in this way.
On the web, the way to prevent this kind of attack is to use HTTPS, which encrypts and secures the connection between a visitor and the JavaScript code.
Using strong HTTPS as well as HTTP Strict Transport Security (HSTS) adds some additional protections to your web site.