Overview
Security headers such as Content‑Security‑Policy (CSP) and Subresource Integrity (SRI) reduce client‑side attack surfaces and support multiple PCI controls.
Step‑by‑Step
- Go to the PCI DSS Dashboard.
- Click Manage on the Security Headers widget to manage security headers on all sites (or use Manage ▶ Security Headers in the Sites table to manage security headers at the site level).
- With Display unhandled changes only enabled, locate each header row.
You can also view our step-by-step walkthrough of how to manage security payment page header changes here: How do I manage security payment page header changes as required by PCI DSS 4.0 requirement 11.6.1?
Troubleshooting / FAQ
- Header keeps flipping back. A downstream proxy may be overriding your response headers; check cache layers.
- Need a template CSP? See our CSP quick‑start article.
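For the "Header keeps flipping back" case, one way to find the layer that overrides a header is to capture the response headers for the same payment page at the origin and at the public edge, then diff only the security headers. The Python below is an added example, not part of the product; the function names and sample headers are constructed, and it treats CSP directive and source order as insignificant.

```python
# Added example: header names are standard; function names and sample data are constructed.
SECURITY_HEADERS = {"content-security-policy", "strict-transport-security",
                    "x-frame-options", "x-content-type-options",
                    "referrer-policy", "permissions-policy"}

def parse_csp(value):
    """Directive name -> sorted sources; a repeated directive is ignored, as in CSP."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tuple(sorted(tokens[1:])))
    return tuple(sorted(policy.items()))

def normalize(headers):
    """headers: (name, value) pairs as received; repeated headers are kept."""
    out = {}
    for name, value in headers:
        key = name.lower()
        if key not in SECURITY_HEADERS:
            continue
        # Other headers: collapse whitespace and case (a simplification).
        norm = parse_csp(value) if key == "content-security-policy" \
            else " ".join(value.split()).lower()
        out.setdefault(key, []).append(norm)
    return {k: sorted(v) for k, v in out.items()}

def diff_layers(origin, edge):
    """Security headers that differ between the origin and edge responses."""
    o, e = normalize(origin), normalize(edge)
    result = {}
    for key in sorted(set(o) | set(e)):
        if key not in e:
            result[key] = "stripped downstream"
        elif key not in o:
            result[key] = "added downstream"
        elif o[key] != e[key]:
            result[key] = "rewritten downstream"
    return result

# Constructed sample responses for one payment page.
ORIGIN = [("Content-Security-Policy", "default-src 'self'; script-src 'self' https://js.example.com"),
          ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
          ("X-Frame-Options", "DENY"), ("Cache-Control", "no-store")]
EDGE = [("content-security-policy", "script-src https://js.example.com 'self';  default-src 'self'"),
        ("Strict-Transport-Security", "max-age=0"),
        ("Referrer-Policy", "no-referrer"), ("Cache-Control", "public, max-age=600")]

if __name__ == "__main__":
    for header, status in diff_layers(ORIGIN, EDGE).items():
        print(f"{header}: {status}")
```

A header reported as stripped or rewritten points at a proxy or cache layer between the two capture points; a second Content-Security-Policy header appended downstream is also reported as rewritten.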