<script src="https://code.jquery.com/jquery-3.2.1.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
crossoriginattributes are used for Subresource Integrity (SRI) checking. This allows browsers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source. Read more at srihash.org
Best with Google CDN
This is because:
- It increases the parallelism available.
(Most browsers will only download 3 or 4 files at a time from any given site.)
- It increases the chance that there will be a cache-hit.
(As more sites follow this practice, more users already have the file ready.)
- It ensures that the payload will be as small as possible.
(Google can pre-compress the file in a wide array of formats (like GZIP or DEFLATE). This makes the time-to-download very small, because it is super compressed and it isn't compressed on the fly.)
- It reduces the amount of bandwidth used by your server.
(Google is basically offering free bandwidth.)
- It ensures that the user will get a geographically close response.
(Google has servers all over the world, further decreasing the latency.)
- (Optional) They will automatically keep your scripts up to date.
(If you like to "fly by the seat of your pants," you can always use the latest version of any script that they offer. These could fix security holes, but generally just break your stuff.)