PCI DSS 11.6.1: payment page change detection

Requirement 11.6.1 expects organizations to detect unauthorized changes to payment pages and relevant headers. It complements, but does not duplicate, script control under 6.4.3.

June 1, 2025

In this article

11.6.1 focuses on detecting unauthorized page and header changes.

A useful baseline should represent the real customer-facing checkout flow.

Alerts need ownership, triage, and evidence retention to be audit-ready.

What should be monitored

Teams should monitor the real payment page, important DOM changes, script changes, form behavior, and security-relevant HTTP headers.

The baseline should be reviewed when legitimate releases change the checkout experience.

How to avoid noisy monitoring

The process should separate expected release changes from unknown changes. Owners need a way to approve, explain, or investigate each deviation.

Why file integrity monitoring is not the whole answer

File integrity monitoring can detect changes to files on the server, but it may miss changes made at the CDN, dynamic injections, third-party script behavior, or the final headers and DOM that are actually delivered to the customer.

For 11.6.1, the payment page has to be treated as a customer-facing artifact: what loaded, which headers arrived, and how that differs from the approved baseline.
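The comparison described above and in "What should be monitored", as an added example that is not part of the original article or any Cartelta product: a captured checkout page (HTML as delivered plus its response headers) is diffed against an approved baseline of script sources, inline-script hashes and security headers, and deviations already recorded as release changes are labelled as approved rather than raised. The baseline values, URLs and sample page are constructed for illustration.

```python
import hashlib
import re

# Constructed baseline (assumed, not from the article): the scripts and headers a
# reviewed checkout release is approved to deliver to the customer's browser.
APPROVED_INLINE = "window.checkoutConfig = {currency: 'EUR'};"
BASELINE = {
    "scripts": {"https://cdn.example.com/checkout.js", "https://js.psp.example/v3.js"},
    "inline_hashes": {hashlib.sha256(APPROVED_INLINE.encode()).hexdigest()},
    "headers": {
        "content-security-policy": "script-src 'self' https://cdn.example.com https://js.psp.example",
        "x-frame-options": "DENY",
    },
}
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def extract_scripts(html):
    # Split <script> tags into external src URLs and SHA-256 hashes of inline bodies,
    # taken from the HTML as delivered (so changes made at the CDN are visible too).
    external, inline = set(), set()
    for attrs, body in SCRIPT_RE.findall(html):
        src = SRC_RE.search(attrs)
        if src:
            external.add(src.group(1))
        else:
            inline.add(hashlib.sha256(body.strip().encode()).hexdigest())
    return external, inline


def compare_to_baseline(html, headers, baseline=BASELINE, approved_changes=frozenset()):
    # approved_changes holds script URLs already accepted by the release process;
    # they are labelled 'approved' instead of being raised for investigation.
    external, inline = extract_scripts(html)
    findings = []
    for url in sorted(external - baseline["scripts"]):
        status = "approved" if url in approved_changes else "INVESTIGATE"
        findings.append(f"{status}: new external script {url}")
    for url in sorted(baseline["scripts"] - external):
        findings.append(f"INVESTIGATE: expected script missing {url}")
    for digest in sorted(inline - baseline["inline_hashes"]):
        findings.append(f"INVESTIGATE: unknown inline script sha256:{digest[:12]}")
    received = {k.lower(): v for k, v in headers.items()}
    for name, expected in baseline["headers"].items():
        if name not in received:
            findings.append(f"INVESTIGATE: header missing {name}")
        elif received[name] != expected:
            findings.append(f"INVESTIGATE: header changed {name}: {received[name]!r}")
    return findings
```

Each capture should be taken through the same path a customer uses, and each finding needs an owner who either records it against a release or investigates it, which is the evidence a QSA will ask for.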

Triage and evidence

Detection only matters if the team can classify the event. The process should define who receives alerts, who investigates changes, how legitimate releases are recorded, and where the final evidence is stored.

© 2026 Cartelta. All rights reserved.