Free PCI DSS 4.0.1 Client-Side Security Scan

Free PCI Compliance Scan for PCI DSS 4.0.1 Client-Side Script Risk.

The only free PCI compliance scan that checks your website's browser layer — third-party script exposure, missing security headers, and payment-page risk tied to Requirements 6.4.3 and 11.6.1.

Public pages only · No login required · No private systems accessed


This scan covered your homepage only.

Your checkout, cart, login, and payment pages are where PCI DSS 4.0.1 Requirements 6.4.3 and 11.6.1 actually apply. A Deep Scan covers those pages — even if your homepage looks clean, your payment flow may tell a different story.



  • 37% of scanned sites show active, unresolved client-side security exposure
  • 100K+ domains scanned across our browser-layer monitoring infrastructure
  • 6.4.3: PCI DSS 4.0.1 requirement targeting payment-page scripts — mandatory since March 2025

The attack surface most security tools miss entirely.

Most website security tools focus on servers, plugins, and infrastructure. But many modern attacks happen in the browser — through third-party scripts, tracking pixels, tag managers, injected JavaScript, and unauthorized client-side behavior on payment pages. ClientSideIntel gives you visibility into that browser-layer attack surface so you can identify exposure before it becomes a breach, a compliance issue, or a customer trust problem.

Browser-layer risk hiding in plain sight.

Third-Party Script Detection

Identify external JavaScript, trackers, pixels, tag managers, payment widgets, and other dependencies loading in the customer's browser on your most sensitive pages.

Payment Page Exposure

Review publicly accessible checkout and payment-related pages for client-side behaviors that increase PCI DSS 4.0.1 review risk under Requirements 6.4.3 and 11.6.1.

Security Header Analysis

Check for Content Security Policy, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and other HTTP header signals that affect your browser-layer attack surface.

Script Inventory Signals

Build a clear view of what scripts are present, where they load, and which may require authorization, justification, or documentation under PCI DSS 4.0.1 controls.

Submit a domain. Run your free PCI DSS 4.0.1 scan. Know your exposure.

1. Enter your domain: Submit any public-facing domain — no account, no login, no private system access required.
2. We scan the browser layer: Our infrastructure analyzes scripts, headers, TLS, and third-party dependencies as a real browser would see them.
3. Review your findings: Free PCI DSS 4.0.1 Client-Side Security Scan results appear instantly. Deep Scan customers receive a detailed PDF report by email.

Built around PCI DSS 4.0.1 browser-side risk.

PCI DSS 4.0.1 introduced stronger expectations around payment-page scripts, script authorization, integrity monitoring, and tamper detection. Requirements 6.4.3 and 11.6.1 are specifically focused on e-commerce merchants — because customer payment risk often begins in the browser, not just on the server. ClientSideIntel helps you see that risk clearly and identify where deeper review may be needed.

Script Inventory

Identify third-party and first-party scripts loading on payment-sensitive and customer-facing pages across your domain.

Authorization Gaps

Flag scripts that may require review, justification, or documented approval under PCI DSS 4.0.1 Requirement 6.4.3 controls.

Tamper & Change Signals

Highlight browser-layer changes, risky headers, exposed dependencies, or suspicious client-side behavior relevant to Requirement 11.6.1.

Start with a Free PCI DSS 4.0.1 Client-Side Security Scan.

Every website has a browser-layer attack surface. Start with a Free PCI DSS 4.0.1 Client-Side Security Scan to see your baseline exposure, then order a full Deep Scan report for documented evidence and PCI DSS 4.0.1 readiness indicators delivered to your inbox.

Free PCI DSS 4.0.1 Scan

$0

A fast Free PCI DSS 4.0.1 Client-Side Security Scan for immediate visibility into scripts, security headers, and client-side exposure signals.

  • Homepage scan
  • Third-party script detection
  • Security header analysis
  • TLS / HTTPS check
  • Overall risk rating
  • Instant results — no account needed

Merchants. SaaS teams. Agencies. Compliance teams.

ClientSideIntel is built for anyone responsible for a website that handles customer data, processes payments, or needs to demonstrate PCI DSS 4.0.1 browser-layer readiness. If your site loads third-party JavaScript — and nearly every modern site does — you have a client-side attack surface worth understanding.

Frequently asked questions
What is a Free PCI DSS 4.0.1 Client-Side Security Scan?
A Free PCI DSS 4.0.1 Client-Side Security Scan inspects your website's browser layer for third-party scripts, security header gaps, TLS configuration, and exposure indicators relevant to Requirements 6.4.3 and 11.6.1 — the mandatory payment-page controls that became enforceable on March 31, 2025.
Does the free scan access my private systems or customer data?
No. ClientSideIntel scans only publicly accessible pages — the same pages any visitor would see in their browser. No login credentials, private systems, backend access, or customer data is ever accessed or stored.
My homepage came back clean. Do I still need a Deep Scan?
Possibly. PCI DSS 4.0.1 Requirements 6.4.3 and 11.6.1 specifically target payment pages, checkout flows, and login pages — not your homepage. A clean homepage tells you nothing about what is loading on your checkout flow. If you accept payments online, a Deep Scan of those pages is where the real risk either shows up or gets confirmed clean.
What is included in the $79 Deep Scan report?
The Deep Scan covers multiple pages including checkout, cart, login, and payment flows. It includes a full script inventory, third-party JavaScript risk analysis, security header review, PCI DSS 4.0.1 Requirements 6.4.3 and 11.6.1 gap indicators, evidence-based findings, a plain-English risk summary, and a PDF report delivered to your email.
Is ClientSideIntel a QSA or PCI certification provider?
No. ClientSideIntel is not a Qualified Security Assessor, auditor, or PCI certification provider. Our scans identify publicly observable client-side security indicators and PCI DSS 4.0.1 readiness signals. Final compliance determinations should be reviewed with your QSA or compliance team. We help you see the exposure — acting on it is your next step.
Compliance notice: ClientSideIntel is not a QSA, auditor, or PCI certification provider. Our scans identify publicly observable client-side security indicators and PCI DSS 4.0.1 readiness signals. Final compliance determinations should be reviewed with your qualified security assessor, compliance team, or payment processor. ClientSideIntel scans public-facing pages only and does not access, store, or interact with private systems, credentials, or customer data.

Run a Free PCI DSS 4.0.1 Client-Side Security Scan.

Use the free scan to surface client-side exposure on your domain, or order a Deep Scan when you need multi-page evidence and a PDF report.

Contact us
hello@clientsideintel.com
Latest on PCI DSS 4.0.1 & client-side security.
Compliance · May 2025

PCI DSS 4.0.1 Is Here. Most Online Stores Don't Know They're Already Violating It.

A plain-English breakdown of what changed, when it became mandatory, and what you risk if your checkout page isn't compliant right now.

Deep Dive · May 2025

What Is Req 6.4.3 and Why Is It Shutting Down Merchants?

What the script inventory requirement actually demands, why so many merchants are failing it, and how to build one that holds up.

Research · May 2026

We Scanned 100,000 E-Commerce Domains for PCI DSS 4.0.1 Client-Side Risk — Here's What We Found

37% of scanned domains showed active browser-layer exposure on payment pages. Full methodology, key findings, and what it means for merchants post-March 2025.
