Subresource Integrity (SRI) is a security feature that lets a browser verify that files it fetches (e.g. from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match.

This enumeration attribute specifies whether CORS must be used when loading related images. The possible values ​​include the following two:
- anonymous: A cross-origin request will be made (i.e., it will include an Origin: HTTP header). However, no authentication information will be sent (i.e., no cookies, X.509 certificates, and HTTP basic authentication information will be sent). If the server does not provide the origin credentials (the Access-Control-Allow-Origin: HTTP header is not set), the image will be contaminated and restricted from use.
- use-credentials: A cross-origin request (i.e. including the Origin: HTTP header) with authentication information (sending cookies, X.509 certificates and HTTP basic authentication information) will be initiated. If the server does not provide the origin credentials (not setting the Access-Control-Allow-Origin: HTTP header), the image will be polluted and restricted. - When this attribute is not set, the resource will not be loaded using CORS (i.e. not sending the Origin: HTTP header), which will prevent it from being used in the element. If an illegal value is set, it is considered to be anonymous.

Chrome 45 or later, Firefox 43 or later, Edge 17 or later, Safari 11 or later, Opera 32 or later

Refer to the official documentation:https://www.w3.org/TR/SRI/