That's presumably what @popsovy was already doing, as it's the method used in the page he linked to. Unfortunately that doesn't work, as /s/filename.ext is loaded from static1.squarespace.com, for which Squarespace unhelpfully don't have a CORS Access-Control-Allow-Origin header.