One of these features is called Subresource Integrity (SRI) and it's the topic of this post. I'll give you a brief description of SRI, tell you how it works, then share my opinion on how SRI fits into the world of tag management.
What is Subresource Integrity?
I'll quote Mozilla's simple explanation to make it easy:
Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch are delivered without unexpected manipulation.
It's that last part about "without unexpected manipulation" where this becomes a security concern.
What is the purpose of SRI?
Should you use SRI in your tag manager?
Unfortunately, this scenario applies to nearly all tag vendors that you load on your website. The security feature designed to protect you from maliciously altered files also prevents a frequently-changed file from loading -- even when the changes are part of the software design.
Can Tealium implement SRI as a feature of iQ Tag Management?
This is a good question, and a popular Product Idea suggestion. The nature of a tag management system makes it quite unsuitable for SRI. If you think about it, the most convenient feature of iQ Tag Management is the ability to make any change to your tags at any time. This means that the contents of your Tealium tags (utag.js and others) are constantly being updated. Trying to update the SRI hash on your website after every update would be a never-ending task that would largely negate the benefit of using iQ in the first place.
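The mismatch described above, modeled in Node.js as an added example (not code from the original post or from Tealium). The two file bodies are constructed stand-ins for a tag file before and after a republish, and the function names are hypothetical.

```javascript
// Added example: models how an integrity attribute is checked against a fetched body.
const crypto = require('node:crypto');

// Hash algorithms accepted in an integrity attribute, weakest to strongest.
const ALGS = ['sha256', 'sha384', 'sha512'];

// Build the value that goes into <script integrity="...">.
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Split the attribute into {alg, digest} entries; unknown algorithms
// are ignored and any "?options" suffix is dropped.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).filter(Boolean).map((token) => {
    const dash = token.indexOf('-');
    if (dash < 0) return null;
    return { alg: token.slice(0, dash), digest: token.slice(dash + 1).split('?')[0] };
  }).filter((e) => e && ALGS.includes(e.alg));
}

// True when the body is allowed to run. With no usable hash there is
// nothing to enforce; otherwise the body must match one of the hashes
// given for the strongest algorithm present.
function sriAllows(attr, body) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true;
  const best = ALGS[Math.max(...entries.map((e) => ALGS.indexOf(e.alg)))];
  return entries
    .filter((e) => e.alg === best)
    .some((e) => sriHash(body, best) === `${best}-${e.digest}`);
}

// Constructed stand-ins for a tag file before and after a republish.
const published = 'var tags=["analytics"];';
const republished = 'var tags=["analytics","ads"];';

// The hash pinned in the page when the first version went live.
const pinned = sriHash(published);

console.log('original file allowed:   ', sriAllows(pinned, published));
console.log('republished file allowed:', sriAllows(pinned, republished));
```

The republished file is blocked until the page's integrity attribute is regenerated, which is the per-publish maintenance cost the paragraph above describes.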
What can you do besides SRI?
Use HTTPS: This almost goes without saying, but make sure that every third-party file you load on your site is available via HTTPS.
Use Content Security Policy (CSP): Use a CSP to help mitigate scripting attacks through your site. This requires some back-end changes to your web servers, but it's worth considering for the added security.