When security header changes are detected on payment pages, the PCI dashboard will highlight these changes, as shown in the image below.
The system checks for changes at least once a week, as required by PCI DSS requirement 11.6.1.
Additionally, the bell notification in the top right of the banner will indicate header changes found on the payment pages across all sites within the account.
Clicking on either of these options will direct you to the Payment Page Header Management screen, where all detected security web header changes are listed.
Navigation & Multi-Site Accounts
- If your account manages multiple sites:
  - Bell notification → Directs you to a global header change management screen, listing changes from all sites.
  - Dashboard link → Leads to the header change management screen, listing changes from all sites.
- Regardless of the entry point, you can use the drop-down menu on the top banner to switch between a specific site and All sites to adjust your view.
Payment Page Header Management Screen
This screen displays the latest detected security header changes, including:
| Field | Description |
|---|---|
| Header Name | The name of the security header being tracked. |
| Last Authorized Value | The previously authorized header value. |
| Current Header Value | The newly detected header value. |
| Result | Indicates whether changes were found. |
| Status | A drop-down menu to select how to handle the change (see below). |
Handling Detected Payment Page Header Changes
When a header change is found, select one of the following actions:
1. Authorize
   - Confirms that the new header value is acceptable.
   - The updated value will no longer trigger alerts in the future.
2. Unauthorized (Keep Alerting)
   - Rejects the change and keeps alerting about this discrepancy.
   - The expected value remains the previously authorized header value.

   Note: The actual security header on the payment page should be corrected as necessary. On the next comparison, if the expected value has been restored, it will no longer trigger alerts; alternatively, it will trigger an alert that can be authorized.
3. Irrelevant (Stop Alerting)
   - Disables alerts for changes to this specific security header.
   - Future changes to this header will no longer trigger notifications.

   Important: Selecting this option does not remove the change from the Payment Page Header Management screen. The change will still be listed if the checkbox “Display unhandled changes only” is unchecked, allowing users to revert this setting if needed.
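
The comparison and the three handling actions described above can be modeled as follows. This is an added example, not the product's implementation: the function names, the `TrackedHeader` class, and the sample header values are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Added illustration of the triage rules described on this page.
# All names and sample values here are constructed, not the product's.
AUTHORIZE, UNAUTHORIZED, IRRELEVANT = "authorize", "unauthorized", "irrelevant"

@dataclass
class TrackedHeader:
    name: str                        # stored lowercase; header names are case-insensitive
    authorized_value: Optional[str]  # "Last Authorized Value"; None means header absent
    alerting: bool = True            # False once marked Irrelevant (Stop Alerting)

def compare(baseline, response_headers):
    """One scheduled check: diff the page's headers against the authorized baseline."""
    current = {k.lower(): v.strip() for k, v in response_headers.items()}
    rows = {}
    for h in baseline.values():
        value = current.get(h.name)  # None: header was removed from the page
        changed = value != h.authorized_value
        rows[h.name] = {"last_authorized": h.authorized_value, "current": value,
                        "changed": changed, "alert": changed and h.alerting}
    return rows

def handle(baseline, name, current_value, status):
    """Apply the Status drop-down choice to one detected change."""
    h = baseline[name]
    if status == AUTHORIZE:
        h.authorized_value = current_value  # new value becomes the expected one
    elif status == IRRELEVANT:
        h.alerting = False                  # still listed as changed, never alerts
    elif status != UNAUTHORIZED:            # Unauthorized: baseline kept, keeps alerting
        raise ValueError(f"unknown status: {status}")

def make_baseline():
    values = {"content-security-policy": "default-src 'self'",
              "strict-transport-security": "max-age=31536000",
              "x-frame-options": "DENY"}
    return {n: TrackedHeader(n, v) for n, v in values.items()}

# Constructed response headers for a later check.
SAMPLE_RESPONSE = {"Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example",
                   "X-Frame-Options": "DENY"}  # Strict-Transport-Security is missing

if __name__ == "__main__":
    baseline = make_baseline()
    for name, row in compare(baseline, SAMPLE_RESPONSE).items():
        print(name, row)
```

A header that disappears from the response is reported as a change with an empty current value, which is the case most worth alerting on for headers such as Strict-Transport-Security.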