Is it PCI-compliant to serve images (securely) from a different domain? I searched the PCI DSS 2.0 PDF and didn't find any references to it.
Is it PCI-compliant to serve images (securely) from not just a different subdomain, but a different domain?
Asked by mattalxndr
There are 2 best solutions below
Salvatore F. Iozzia
I take it these images are going to appear on the same page as the credit card entry form? If so, as long as they are rendered over SSL, then they cannot be hijacked and additional code rendered in their place.
I would say that it would aid in your compliance to have the images served via SSL regardless of the domain due to the fact that your payment page must be presented in SSL to the end user.
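A way to check the condition this answer describes, added here as an example and not part of the original answer: the script parses a payment page's HTML and classifies every image, script, stylesheet or frame by whether it is fetched over HTTPS and from which host. The page URL, host names and sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags and the attribute that can make the browser fetch a subresource.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

class SubresourceAudit(HTMLParser):
    """Collect a page's subresources and classify how each is fetched."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []  # (tag, absolute_url, verdict)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        url = urljoin(self.page_url, value.strip())
        parts = urlparse(url)
        if parts.scheme == "data":
            return  # inline content, nothing is fetched
        if parts.scheme != "https":
            verdict = "insecure"          # clear text, can be altered in transit
        elif parts.hostname != self.page_host:
            verdict = "https-other-host"  # encrypted, served by another host
        else:
            verdict = "https-same-host"
        self.findings.append((tag, url, verdict))

def audit(page_url, html):
    parser = SubresourceAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample payment page (hypothetical hosts).
SAMPLE = """
<html><head><link rel="stylesheet" href="/css/pay.css"></head><body>
<img src="https://static.example.net/logo.png">
<img src="http://static.example.net/cards.png">
<img src="//img.example.org/lock.png">
<script src="https://shop.example.com/js/form.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for tag, url, verdict in audit("https://shop.example.com/checkout", SAMPLE):
        print(f"{verdict:17} <{tag}> {url}")
```

Only the `insecure` entries contradict the condition in the answer; the `https-other-host` entries are the cross-domain case the question asks about.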
Images do not fall under PCI compliance. PCI DSS covers the storing, transmission, and processing of credit card information only. So you can serve your images from any server you like without having any PCI issues.