Our script compliance guide
Read our blog post for our recommendations to implement script security.
As an entity that accepts card payments, you are responsible for making sure that your online payments integration complies with the requirements of PCI DSS 4.0.
Additionally, your payment pages must comply with requirement 6.4.3 of PCI DSS 4.0 which states the following:
All payment page scripts that are loaded and executed in the consumer’s browser are managed as follows:
- A method is implemented to confirm that each script is authorized.
- A method is implemented to assure the integrity of each script.
- An inventory of all scripts is maintained with written justification as to why each is necessary.
Make sure that your integration includes ways to address all of the requirements.
Third-party scripts
The following table shows the third-party scripts that Adyen Drop-in and Components use:
The * character represents all subdomains of the domain.
| Scripts | Payment method |
|---|---|
https://*.cash.app |
CashApp Pay |
https://*.payments-amazon.com |
AmazonPay |
https://*.google.com |
Google Pay |
https://*.paypal.com |
PayPal |
https://*.checkout.visa.com |
Click to Pay |
https://*.mastercard.com |
Click to Pay |
Include these in the inventory of all scripts on your payment page.