PCI DSS Requirement 11.6.1

The Payment Card Industry (PCI) Data Security Standard (DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect payment account data.

PCI DSS v4 is the current mandatory standard. While general adoption was required by April 1, 2024, the new technical requirements took full effect on April 1, 2025. 

This includes enforcing Requirements 6.4.3 and 11.6.1, which are designed to protect payment pages that capture account data.

PCI DSS 11.6.1 Requirements

Deployment & Scope

A mechanism must be deployed to detect changes and tampering of HTTP headers and payment page content as received by the consumer browser, ensuring security and integrity at the point of consumption.


Detection & Alerts

Personnel must be alerted to any unauthorized changes, including modifications, additions, or deletions to security-related HTTP headers, as well as any changes or additions to scripts on payment pages.


Frequency

Evaluations occur at least once every seven days OR at defined periodic intervals as established by the organization's targeted risk analysis (TRA).
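
The change detection described above can be sketched as a baseline comparison. This is an added example, not Jscrambler's code or text from the standard. The header list, the item naming scheme and the sample responses are assumptions made for illustration.

```python
import hashlib
from html.parser import HTMLParser

# Assumption: the organization decides which headers count as security-impacting.
SECURITY_HEADERS = {"content-security-policy", "strict-transport-security", "x-frame-options"}

class ScriptCollector(HTMLParser):
    """Records each <script>: external by src and integrity (a production monitor
    would also fetch and hash the file), inline by SHA-256 of its body."""
    def __init__(self):
        super().__init__()
        self.items, self._buf, self._n = {}, None, 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.items["script:" + a["src"]] = a.get("integrity") or ""
        elif tag == "script":
            self._buf = []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).encode()
            self.items[f"script:inline#{self._n}"] = hashlib.sha256(body).hexdigest()
            self._buf, self._n = None, self._n + 1

def snapshot(headers, html):
    """Reduce one response, as received, to {item: value} for comparison."""
    p = ScriptCollector()
    p.feed(html)
    p.close()
    items = {"header:" + k.lower(): v for k, v in headers.items()
             if k.lower() in SECURITY_HEADERS}
    return {**items, **p.items}

def diff(baseline, current):
    """Return (change, item) alerts for modified, added and deleted items."""
    alerts = []
    for key in sorted(baseline.keys() | current.keys()):
        if baseline.get(key) != current.get(key):
            kind = "added" if key not in baseline else "deleted" if key not in current else "modified"
            alerts.append((kind, key))
    return alerts

# Constructed sample responses, not real traffic.
PAGE = '<script src="/js/checkout.js" integrity="sha384-AAAA"></script><script>initForm();</script>'
BASE = snapshot({"Content-Security-Policy": "script-src 'self'", "X-Frame-Options": "DENY"}, PAGE)
NOW = snapshot({"Content-Security-Policy": "script-src 'self' https://cdn.example"},
               PAGE + '<script src="https://cdn.example/a.js"></script>')
```

Running `diff(BASE, NOW)` on a schedule that meets the frequency above, and routing any non-empty result to personnel, covers the three change types the requirement names.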

How Jscrambler can help you

Prevent client-side attacks with Jscrambler’s security platform
