How to use font fingerprints for cache-busting and sri
- Step 1Filename hashing (recommended) — Inter-Regular.abc12345.woff2 — different filename per version. Cache forever (max-age=31536000, immutable). New version = new filename = automatic cache invalidation.
- Step 2Query-string hashing (legacy) — Inter-Regular.woff2?v=abc12345 — same filename, different query string. Some CDNs strip query strings from cache keys; this can fail silently. Avoid for fonts.
- Step 3SRI for tamper detection — <link rel="preload" as="font" href="..." integrity="sha256-...">. Browser verifies hash before using. Use alongside filename hashing — they're complementary, not alternatives.
Frequently asked questions
Why is filename hashing better than query string?+
Some CDNs (and some browsers) treat foo.woff2?v=1 and foo.woff2?v=2 as the same cached resource. Filename hashing forces a different cache entry, guaranteeing cache invalidation.
Should I always use SRI on fonts?+
If you serve fonts from a third-party CDN, yes — SRI catches tampered files. If you serve from your own CDN with HTTPS, SRI's marginal benefit doesn't outweigh the rebuild complexity.
What about font cache hit rates?+
With filename hashing + immutable max-age, returning visitors get instant cache hits (zero bytes transferred). New visitors fetch once, then cache forever. Optimal pattern for static font assets.
Privacy first
Every JAD Font tool runs entirely in your browser using opentype.js and the wawoff2 WASM Brotli encoder. Your fonts never leave your device — verified by zero outbound network requests during processing.