Application Security

What is PCI DSS 4.0 Requirement 6.4.3.

Requirement 6.4.3 is one of the critical components for businesses that take online payment and focuses on the management and integrity of scripts on webpages that take payment card (i.e.m credit card) payments.

To help you navigate this requirement and learn how security teams, QSA’s, and developers use Feroot’s security tools to easily not only comply with Requirement 6.4.3.


Understanding Requirement 6.4.3

Requirement 6.4.3 gives clear mandate for managing scripts loaded and executed in the consumer’s browser during payment transactions. The three main directives are:

  1. Authorization of Scripts: Each script must be verified as authorized before execution.
  2. Assurance of Script Integrity: The integrity of each script must be assured to prevent tampering.
  3. Management of Script Inventory and Justification: An inventory of all scripts must be maintained, with justifications for each script’s necessity for for the operation of the payment page.

These requirements apply to all scripts, including those loaded from the entity’s environment and third-party sources. The goal is to prevent unauthorized code from compromising the payment page, by ensuring that all scripts are necessary for the operation of the payment page.


Necessary” for this requirement means that the entity’s review of each script justifies and confirms why it is needed for the functionality of the payment page to accept a payment transaction.

How Feroot Helps to Comply at Ease

Free Assessment

Security for Everyone that Visits Your Website

Find out if your web application is hiding vulnerable, malicious, or dangerous code that could damage your customers and your business. No payment information required.