eric her

Product Manager, Merc & Headless

Eric Her

six

Script Authorization on Payment Pages: Understanding PCI 4.0 Section 6.4.3 and How We’re Providing The Tools To Keep Your Payment Pages Secure

As of March 2025, PCI 4.0 DSS will require that all scripts on payment pages have a method to verify them as authorized before execution. To comply with this requirement, BigCommerce is implementing the ability to enforce a nonce in the Content Security Policy (CSP) header, ensuring that only authorized scripts are permitted to load and execute on payment pages.