It’s not terribly clear what Bootstrap *is* just from reading the web site, so I downloaded the zip file so I could open it up and look at it. It’s apparently a framework–a CSS file and a Javavscript file, in case you were wondering. It’s a bit similar in concept to jQuery, except where jQuery is a completely generic set of tools, Bootstrap is apparently a specific framework for developing a particular kind of web site. (Presumably, the popular kind.)
I looked to verify that the template was HTML5. (You can tell because of “<!DOCTYPE html>”–one of the rare instances in computer science when the newer specification is simpler than the older specification.) I’m not familiar with every little thing in HTML5 so I thought maybe script verification was a new feature. I did a Google search.
It turns out it’s not an HTML5 feature, it’s a W3C recommendation called Subresource Integrity. It’s exactly what I thought it was: A way to verify the integrity of script resources (or really any third-party resources). It’s a good idea, though probably a pain to implement given the need to generate hashes for every reference and insert them into your HTML and maintain them.
I was curious how many browsers actually support Subresource Integrity (SRI), since there’s not much point in using it if browsers don’t enforce it. According to Wikipedia, Firefox, Chrome, and Opera support, and Safari support looks to be coming soon. That means essentially everybody but Microsoft Edge and of course Internet Explorer.