In its simplest version, the Potions Tag is a single line of HTML that fetches a JavaScript file hosted on Potions servers.
```html
<script type="text/javascript" src="https://client.get-potions.com/[SITE_ID]/potions-tag.js" async></script>
```
Potions offers two options to increase your IT security:
  • adding SRI (Subresource Integrity) to the Potions Tag
  • self-hosting the Potions script
Both options come at the cost of less flexibility: whenever a feature is added to the script, you will have to
  • change the Potions Tag, in the case of SRI
  • replace the hosted script with the new one, in the case of self-hosting
Here are the details of each implementation.

Potions hosted without SRI

```html
<script type="text/javascript" src="https://client.get-potions.com/[SITE_ID]/potions-tag.js" async></script>
```
Here is our setup to ensure the best uptime and response time.
[Image: Potions hosting setup]
PROS
  • Potions is responsible for the availability of the script
  • Hot deployments: Potions can add new features or fixes without involving your IT team
CONS
  • Your website’s code can be altered if Potions servers are attacked

Potions hosted with SRI

The Potions Tag looks like this:
```html
<script src="https://client.get-potions.com/[CLIENT_NAME]/potions.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC" crossorigin="anonymous" async></script>
```
Potions gives you this tag, including the integrity hash, to set up on your website’s pages.
Every time the script needs to be changed (not that often), Potions can provide the new hash.
PROS
  • Potions is responsible for the availability of the script
  • Protects websites from CDN attacks
  • Protects websites from any alteration of the script
  • Very low impact on fetching response time
CONS
  • Requires changing the tag whenever the script is modified
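One way to check a new script version against the hash Potions provides before changing the tag, written for Node.js as an added example (not Potions code). The function names and the sample script body are assumptions; the matching rule follows how browsers evaluate the integrity attribute.

```javascript
// Added example, not Potions code. Verifies a script body against an
// SRI integrity attribute value before the tag is deployed.
const crypto = require('crypto');

// Hash algorithms SRI accepts, ordered weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build an integrity value such as "sha384-<base64 digest>" for a script body.
function computeSri(body, algo = 'sha384') {
  if (!STRENGTH.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

// Split an integrity attribute into { algo, digest } entries. Tokens that are
// malformed or use an unknown algorithm are dropped, as browsers ignore them.
function parseIntegrity(attr) {
  const token = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;
  return attr.trim().split(/\s+/)
    .map((t) => token.exec(t))
    .filter(Boolean)
    .map((m) => ({ algo: m[1], digest: m[2] }));
}

// Browser matching rule: only the strongest algorithm listed is considered,
// and the body passes if any digest for that algorithm matches.
// Assumption: this check fails closed when no usable hash is present,
// whereas a browser would load the script unchecked in that case.
function verifySri(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return false;
  const strongest = entries
    .map((e) => e.algo)
    .sort((a, b) => STRENGTH.indexOf(b) - STRENGTH.indexOf(a))[0];
  const actual = computeSri(body, strongest).slice(strongest.length + 1);
  return entries.some((e) => e.algo === strongest && e.digest === actual);
}

// Constructed sample body standing in for the real script.
const SAMPLE = Buffer.from('console.log("constructed sample script");');
const TAG_HASH = computeSri(SAMPLE); // the value that would go in integrity="..."
console.log(TAG_HASH, verifySri(SAMPLE, TAG_HASH));
console.log(verifySri(Buffer.from('tampered'), TAG_HASH));
```

Because only the strongest listed algorithm counts, a correct sha256 value next to a stale sha512 value still fails, which is worth checking whenever a tag carries more than one hash.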

Self-hosting

The “Potions Tag” looks like this:
```html
<script src="https://[CLIENT_DOMAIN]/potions.js" async></script>
```
In this case Potions deposits the script on an SFTP server; your IT team retrieves it and hosts it on your servers.
PROS
  • Absolutely no dependence between your IT and Potions’ IT
CONS
  • Involves your IT whenever the script is modified.