Arrow leftGo to Shift4.com

CSP integration

CSP is a security standard that helps protect websites from attacks like:

  • Cross-Site Scripting (XSS)

  • Data injection

  • Clickjacking

  • Other types of malicious content inclusion

It works by allowing site owners to define which sources of content (scripts, images, styles, etc.) the browser is allowed to load.

Please see the guidance for our merchants below:

script-src 
https://dev.shift4.com
https://js.dev.shift4.com
https://applepay.cdn-apple.com  //for Apple Pay integrations only

frame-src
https://dev.shift4.com
https://js.dev.shift4.com

connect-src
https://dev.shift4.com
https://t.dev.shift4.com

img-src
https://dev.shift4.com
https://t.dev.shift4.com
script-src
https://js.dev.shift4.com
https://applepay.cdn-apple.com

frame-src
https://js.dev.shift4.com

img-src
https://t.dev.shift4.com 

data
connect-src
https://t.dev.shift4.com