PCI DSS Requirement 11.6.1

The new PCI DSS v4 standard requires e-commerce companies to employ measures to protect the payment pages on their websites against JavaScript skimming attacks.

The Payment Card Industry (PCI) Data Security Standard (DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect payment account data.

The next evolution of the standard is PCI DSS v4, which became mandatory on 1st April 2024, with new technical requirements that need to be implemented by 1st April 2025.

There are two requirements, 6.4.3 and 11.6.1, designed to protect payment pages of websites that capture payment card data.


A change- and tamper-detection mechanism is deployed as follows:

  • To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the HTTP headers and the contents of payment pages as received by the consumer browser.

  • The mechanism is configured to evaluate the received HTTP header and payment page.

The mechanism functions are performed as follows:

  • At least once every seven days, OR

  • Periodically.
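One way such a mechanism can compare a payment page as received against an approved baseline, reporting additions, deletions and changes. This is an added example, not part of the PCI DSS text or of any vendor's product; the watched-header list, the function names and the sample responses are assumptions constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

# Assumed watch list: response headers that govern script loading and framing.
WATCHED = ("content-security-policy", "strict-transport-security", "x-frame-options")

class ScriptInventory(HTMLParser):
    """Record external scripts by URL and inline scripts by SHA-256 of their body."""
    def __init__(self):
        super().__init__()
        self.scripts, self._inline = {}, None
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            # Value is the SRI attribute, so a swapped integrity hash shows as "changed".
            self.scripts["src:" + a["src"]] = a.get("integrity") or ""
        else:
            self._inline = []  # start buffering an inline script body
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            digest = hashlib.sha256("".join(self._inline).strip().encode()).hexdigest()
            self.scripts["inline:" + digest[:16]] = digest
            self._inline = None

def snapshot(headers, html):
    """Reduce one received response to a comparable {item: value} state."""
    inv = ScriptInventory()
    inv.feed(html)
    inv.close()
    state = {"header:" + k.lower(): v for k, v in headers.items() if k.lower() in WATCHED}
    return {**state, **inv.scripts}

def diff(baseline, current):
    """Return sorted (kind, item) alerts for additions, changes and deletions."""
    alerts = [("deleted", k) for k in baseline.keys() - current.keys()]
    alerts += [("added", k) for k in current.keys() - baseline.keys()]
    alerts += [("changed", k) for k in baseline.keys() & current.keys() if baseline[k] != current[k]]
    return sorted(alerts)

# Constructed sample responses (not real traffic); example.net is a placeholder host.
PAGE = '<script src="/js/checkout.js" integrity="sha384-PLACEHOLDER"></script><script>initForm();</script>'
BASELINE = snapshot({"Content-Security-Policy": "script-src 'self'"}, PAGE)
CURRENT = snapshot({"Content-Security-Policy": "script-src 'self' https://cdn.example.net"},
                   PAGE + '<script src="https://cdn.example.net/a.js"></script>')
```

Calling `diff(BASELINE, CURRENT)` flags the loosened Content-Security-Policy as changed and the extra script as added. An edited inline script appears as one deletion plus one addition, because inline scripts are keyed by their hash.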

How Jscrambler can help you

Prevent client-side attacks with Jscrambler’s security platform