Is it PCI-compliant to serve images (securely) from a different domain? I searched the PCI DSS 2.0 PDF and didn't find any references to it.
Is it PCI-compliant to serve images (securely) from not just a different subdomain, but a different domain?
327 views. Asked by mattalxndr
2
There are 2 answers
1
Salvatore F. Iozzia
I take it these images are going to appear on the same page as the credit card entry form? If so, as long as they are rendered over SSL, then they cannot be hijacked and additional code rendered in their place.
I would say that it would aid in your compliance to have the images served via SSL regardless of the domain due to the fact that your payment page must be presented in SSL to the end user.
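An added example, not part of either answer: one way to check the condition discussed above on a payment page is to resolve every `<img src>` against the page URL and separate images that would load without HTTPS from those served over HTTPS by another domain. The page URL, hostnames and HTML below are constructed sample values, and `audit_images` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ImageAudit(HTMLParser):
    """Collect every <img src> and resolve it against the page URL."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                # urljoin resolves relative and protocol-relative (//host/x) URLs
                self.sources.append(urljoin(self.page_url, src.strip()))

def audit_images(page_url, html):
    """Return (insecure, cross_origin_https) image URLs for a page."""
    parser = ImageAudit(page_url)
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    insecure, cross_origin = [], []
    for url in parser.sources:
        parts = urlsplit(url)
        if parts.scheme == "data":
            continue  # inline image, nothing is fetched over the network
        if parts.scheme != "https":
            insecure.append(url)      # mixed content on an HTTPS payment page
        elif parts.hostname != page_host:
            cross_origin.append(url)  # other domain, but still over HTTPS
    return insecure, cross_origin

# Constructed sample: a checkout page with same-origin and CDN-hosted images.
PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<form action="/pay" method="post">
  <img src="/static/logo.png">
  <img src="https://img.cdn.example/cards/visa.png">
  <img src="//img.cdn.example/cards/mc.png">
  <img src="http://img.cdn.example/banner.jpg">
</form>
"""

if __name__ == "__main__":
    insecure, cross_origin = audit_images(PAGE_URL, SAMPLE_HTML)
    print("insecure:", insecure)
    print("cross-origin over HTTPS:", cross_origin)
```
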
Images do not fall under PCI compliance. PCI DSS covers the storing, transmission, and processing of credit card information only. So you can serve your images from any server you like without having any PCI issues.