Script Authorization on Payment Pages: Understanding PCI 4.0 Section 6.4.3 and How We’re Providing The Tools To Keep Your Payment Pages Secure
As of March 2025, PCI 4.0 DSS will require that all scripts on payment pages have a method to verify them as authorized before execution. To comply with this requirement, BigCommerce is implementing the ability to enforce a nonce in the Content Security Policy (CSP) header, ensuring that only authorized scripts are permitted to load and execute on payment pages.