Out of Band Verification of Websites and JavaScript Integrity
To reduce the risk of MITM attacks (e.g., eIDAS 2.0 proposal in the EU) and increase visibility of any code tampering for Proton resources, please consider a separate extension that works like the Code Verify extension produced by Meta: "We’ve given Cloudflare a cryptographic hash source of truth for WhatsApp Web’s JavaScript code. When someone uses Code Verify, the extension automatically compares the code that runs on WhatsApp Web against the version of the code verified by WhatsApp and published on Cloudflare. If there are any inconsistencies, Code Verify will notify the user." See:
https://engineering.fb.com/2022/03/10/security/code-verify/
and
https://blog.cloudflare.com/cloudflare-verifies-code-whatsapp-web-serves-users/