May 28, 2015
Seems like the idea is to include a hash of a script that is included cross-domain (including scripts that are sourced from a CDN) when you present a web page to the user. The user's browser then checks the hash against a hash of the returned content.
So, as it stands, this does help if you are including script from something like JQuery's CDN or a random github repo (via their CDN), but not if a transparent CDN node that you are hosting a whole site from gets compromised.