The answer to whether WAF can see and prevent browser attacks that break PCI compliance depends on the lens you use. Through the lens of Requirement 6.4.2, the answer is mostly yes. But through the lens of 6.4.3 and 11.6.1, it gets a little blurry.
Requirement 6.4.2 is about stopping web-based attacks at the application layer by inspecting outbound and inbound HTTP traffic at the server side. That’s where a WAF really shines, as it inspects server-bound requests and server-generated responses to block malicious payloads.
But 6.4.3 and 11.6.1 focus on a different risk. The kind that plays out in the browser and sits outside what a WAF can reliably observe. For example, third-party scripts that load at run time can attach listeners, read fields, and send data out directly from the client device, bypassing WAF.
In this article, we dive deep into what a WAF can credibly cover, what it can’t observe by design, and how we can close the gaps it leaves behind.
So, let’s get started.
What you’ll learn
- Where a WAF is strong, where it isn’t, and how that affects your PCI DSS compliance.
- How third-party drift makes your payment pages vulnerable to browser-side skimming, CMS or theme injection, and chain-loaded scripts.
- Why PCI DSS 6.4.3 and 11.6.1 demand browser-side evidence and what runtime script governance looks like in practice
What WAFs actually protect
WAF is the core control that protects the application perimeter for most payment environments. It does that by monitoring HTTP and HTTPS traffic flowing between clients and your web servers. In other words, it sits in the path, watches requests before they reach your application, and filters responses before they return to the user.
As a result, payload-based attacks like SQL injection and cross-site scripting get blocked, and DDoS-style attacks get rate-limited before they snowball into an incident. Many WAFs also support virtual patching, which contains the threat when a known vulnerability exists but a known patch doesn’t.
Why is it critical to PCI DSS compliance?
PCI DSS has always treated publicly accessible web applications as a primary exposure point because that is where exploits occur repeatedly. A single effective SQL injection can jeopardize the checkout process, reveal cardholder information, retrieve customer records, and generate unauthorized admin accounts.
Thus, WAF maps well with the control intent, as it reduces the likelihood of compromise by hardening the edges, limits exposure by filtering outbound payloads, and contains escalation through virtual patching.
So when a QSA asks how you are protecting an internet-facing payment application from common attacks, a well-tuned WAF makes your answer more defensible.
The client-side attack surface WAFs can’t see
Modern payment pages are assembled at runtime in the customer’s browser. The initial HTML loads JavaScript that then pulls in more JavaScript, stitches together UI components, and then calls a mix of first-party and third-party services. That’s how risk creeps in.
In a typical checkout flow, that mix includes your own code alongside payment provider libraries, analytics, marketing tags, A/B testing tools, and shared dependencies delivered from external CDNs. Most of these scripts run outside of the view of WAF.
If not monitored, they can lead to an incident because they operate with access to the same DOM your checkout uses. This allows them to read fields, attach event listeners, modify page behavior, and initiate outbound requests to malicious servers from the browser. This is what needs governance as per Requirements 6.4.3 and 11.6.1.
The three ways threat actors exploit it
1. Drift in a trusted third party
You can govern first-party scripts through your SDLC and change control. The harder problem is the downstream JavaScripts that get pulled in at runtime through vendors and their dependencies.
A routine vendor update can change behavior, a CDN or publishing pipeline can be altered upstream, or a whitelisted script URL can begin serving different content than what you originally approved.
These scripts run with access to the DOM and can initiate outbound calls directly from the browser. For example, groups like Magecart Group 4 have reportedly compromised ad networks and used the injected scripts to steal card information.
To spot and remediate such drift, runtime visibility becomes imperative.
2. Direct modification of your checkout code
While threat actors can steal session tokens or get access via phishing, internal write paths are typically more governable and add more friction when controls are mature. So for many commerce platforms, the attackers reach CMS via a compromised theme or a template and inject malicious scripts on your payment page.
The code snippet blends into existing code paths, avoiding detection via traditional routes. So, the payment processor still receives the right data, but the only difference is that a second collection path reads fields and duplicates them elsewhere. These compromises are designed to be operationally quiet and thus succeed by staying inside the expected application behavior.
3. Chain-loaded or dynamically injected code (tag managers, loader scripts)
After the initial render, the browser can still pull in more JavaScript via tag managers, vendor containers, or loader scripts. And that second-stage code can be conditional, changing with time, geography, or browsing agent, which makes it harder to reproduce in testing.
Thus, it’s a clean exploitation point, and when compromised, threat actors use it to influence what executes on the payment page without touching your repo. Simply whitelisting doesn’t fix it, because approving a top-level vendor shouldn’t automatically approve everything it can import at runtime.
Why can’t the WAF see it?
By design, a WAF is a perimeter control. It protects your server-side application by inspecting what reaches it and what leaves it over HTTP. So by nature, it can only see the threat when a malicious script reaches your server, or leaves it.
The attacks that we discussed, in most cases, run directly on the client browser and read from the DOM, attach listeners, and initiate outbound calls to other servers, bypassing the WAF’s field of view in front of your domain.
To understand it better, let’s look at the table that compares WAF’s reach with client-side attack execution.
| WAF reach vs. client-side attack execution | |||
| Stage | What happens | WAF visibility | Attack opportunity |
| Request | Browser requests payment page | WAF inspects the request | WAF blocks malicious requests and allows legitimate ones. |
| Response | Server sends page HTML | WAF inspects the response | WAF can filter response content |
| Browser Load | The browser loads third-party scripts | Scripts load from external CDNs | WAF can’t inspect external script content |
| Script Execution | Scripts execute in the browser | Execution happens client-side | Magecart/formjacking operates here |
| Data Collection | Scripts access form data | All activity in the browser | Skimming happens where WAF can’t see |
| Exfiltration | Data sent to the attacker | Blind to requests sent to external domains. | Can’t determine if the data is legitimate or stolen |
As we can see in the table, WAF offers protection up to the point of initial exchange and response. What it misses is the aftermath of the browser receiving the response and executing the JavaScript, and that’s a design boundary.
If you need visibility on the client’s side, you need a control that lives there.
PCI Requirements that demand browser visibility
A WAF gives you strong protection from threats that reach your servers, and that matters when it comes to satisfying Requirement 6.4.2. However, PCI 4.0.1 added two requirements, 6.4.3 and 11.6.1, that aim to govern what happens in the browser on the client side.
Requirement 6.4.3: Managing what executes in the client’s browser
Requirement 6.4.3 focuses on ensuring every script on the browser is authorized, verified, and documented with a clear justification. You do that by keeping a living script inventory for the payment page, tying each script to an owner and an explicit approval decision, and recording why it is there in the first place.
From there, you continuously monitor for script changes and enforce integrity checks, so an approved script can’t quietly become a different script at runtime.
The aim is to prevent unauthorized or malicious code from executing in the customer’s browser, since the browser doesn’t distinguish between your code and downstream code when it comes to DOM access.
A WAF can inspect requests and responses, but it can’t maintain a payment page script inventory, prove its integrity, or keep an auditable authorization trail.
Requirement 11.6.1: Detecting change where vulnerabilities live
PCI 11.6.1 requires a change and tamper detection mechanism that identifies and flags unauthorized modification to the script contents of payment pages as received by the consumer’s browser.
It also requires the mechanism to run at least weekly, or at a frequency you justify through targeted risk analysis.
This is where it’s easy to misjudge what counts as sufficient evidence. A WAF can show you the initial request and the server response, but it can’t tell you whether a browser receives modified script content from a third-party CDN at runtime, or whether a tag manager chain-loads an additional script after the initial render.
In short, a WAF remains a credible part of your PCI posture. It just doesn’t answer these requirements on its own, as it wasn’t designed for them.
How PaymentGuard AI provides client-side governance
E-skimming attacks don’t need to take your servers down; they only need one script to run in the right place. PaymentGuard AI is designed to monitor the layer where such attacks happen and give you a way to govern it continuously.
It’s built for client-side protection
The front end is a moving target by design. It is an execution environment that changes per user session. Scripts load conditionally based on device, geography, consent state, experiments, and downstream vendor logic, and third-party updates can shift that behavior without any deployment on your side.
Periodic reviews and point-in-time audits go stale quickly because they capture intent, not runtime truth. PaymentGuard AI closes that gap by observing the payment page at runtime as the consumer’s browser receives it, detecting and mitigating drift as it happens to keep your PCI DSS posture on track.
Discovers and inventories every script
Satisfying Requirement 6.4.3 hinges on one thing: being able to see the full script surface on the payment page. Without that, authorization becomes guesswork, justifications drift out of date, integrity checks become partial, and inventories turn into snapshots.
PaymentGuard AI discovers every script that executes on your payment pages and payment iFrames, across first-party code, third-party libraries, tag managers, and chain-loaded dependencies. As a result, it automatically maintains current inventory, ties scripts to owners, and records approvals and business justification.
Third-party drift and supply chain visibility
Third-party JavaScript is where most payment pages inherit risk. The vendor scripts that load at runtime can change upstream without a deployment on your side.
PaymentGuard AI keeps third-party scripts under continuous watch, monitoring when vendor script content changes, when a CDN-served script starts to present a different version than the previous one, and when a script begins behaving differently in the browser. That gives you early warning of supply chain compromise, not after the incident, and it gives you the evidence to explain the changes, when they occurred, and how they impacted your payment page to the QSA.
The bottom line
A WAF is a solid control for blocking the payload-driven attacks that have to reach your servers. But browser-side skimming follows a different path, executing malicious scripts, reading fields, and stealing information directly from the client’s browser. And Requirements 6.4.3 and 11.6.1 expect you to govern what scripts execute and detect tampering as the client-side agents receive the page. Closing that gap takes client-side monitoring, not just perimeter hardening.
Feroot PaymentGuard AI provides the browser-side monitoring that extends your posture from perimeter inspection to runtime script governance, so the payment page surface is covered end to end.
Schedule a demo today to see how PaymentGuard AI monitors browser execution, detects client-side attacks, and generates the PCI compliance evidence that WAFs cannot provide.
