maryt6886 Posted April 5, 2022 Posted April 5, 2022 Site URL: http://thecoalyardcafe We are a small cafe that uses TSYS to accept credit card payments from customers and our web page was created through Squarespace. Every quarter, we are subjected to TSYS PCI compliance to ensure that our credit card system is secure. For the very first time, we did not pass compliance this quarter because our website is vulnerable to "clickjacking." I am not a web designer or programmer so I do not know how to go about fixing this problem. I read several online blogs and watched a number of Youtube videos and if I understand correctly, I need to write some code that says, "X-Frame-Options-Deny" or "X-Frame-Options-Sameorigin" for each of the links I have in our webpage (history, drinks, entrees, and anywhere else you can link on the webpage). What are the steps to write code in a Squarespace webpage/domain? Is anyone familiar with "clickjacking" and can help us resolve this problem? We would greatly appreciate it. Thanks!
Solution paul2009 Posted April 5, 2022 Solution Posted April 5, 2022 1 hour ago, maryt6886 said: We are a small cafe that uses TSYS to accept credit card payments from customers and our web page was created through Squarespace. For the very first time, we did not pass compliance this quarter because our website is vulnerable to "clickjacking." I don't fully understand your question because Squarespace websites do not require independent PCI compliance testing and their sites do not use TSYS for payment processing. Can you explain a little more? Are you taking orders via the website? Regarding clickjack protection, this can be enabled in Settings > Advanced > Website Protection. This setting protects your site and visitors from UI redress attacks (also known as clickjacking), which are attempts to trick visitors into clicking a link that takes action on another, hidden site. ShortAngryViking 1 Me: I'm Paul, a SQSP user for >18 yrs & Circle Leader since 2017. I value honesty, transparency, diversity and good design ♥. Work: Founder of SF.DIGITAL. We provide high quality original extensions to supercharge your Squarespace website. Content: Views and opinions are my own. Links in my posts may refer to my own SF.DIGITAL products or may be affiliate links. Forum advice is completely free. You can thank me by selecting a feedback emoji. Buying a coffee is generous but optional.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment