Security

The Recharge SDK is secure and PCI compliant.

The merchant is still responsible for implementing and maintaining proper PCI compliance in their custom customer portal. The Recharge Frictionless Payments implementation uses Spreedly. You can see their latest recommendations here. Recharge loads the Spreedly script and ensures its integrity as part of the initFrictionlessPaymentV1 call.

The following are the minimal CSP rules for Recharge Frictionless Payments. Add them to your CSP rules to ensure the frictionless payment form is loaded securely.

script-src https://*.spreedly.com https://www.datadoghq-browser-agent.com https://*.rechargecdn.com
child-src https://*.spreedly.com data:
frame-src https://*.spreedly.com data:
connect-src https://*.spreedly.com https://datadoghq-browser-agent.com https://browser-intake-datadoghq.com https://*.checkouttools.com https://*.rechargecdn.com https://*.rechargeapps.com
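
One way to add the rules above to a policy you already serve, as an added JavaScript example (not Recharge's own code): it merges the listed sources into an existing CSP string, keeps what the fallback directive (`default-src`, or `child-src` for frames) already allowed, and drops `'none'` when sources are added. The function names and sample policies are assumptions, and the example uses `frame-src`, the standard CSP directive that governs iframes.

```javascript
// Added example: merge the Recharge Frictionless Payments sources into an existing CSP.
// Source lists come from the rules on this page (wildcard hosts written as https://*.host).
const RECHARGE_CSP = {
  'script-src': ['https://*.spreedly.com', 'https://www.datadoghq-browser-agent.com', 'https://*.rechargecdn.com'],
  'child-src': ['https://*.spreedly.com', 'data:'],
  'frame-src': ['https://*.spreedly.com', 'data:'],
  'connect-src': ['https://*.spreedly.com', 'https://datadoghq-browser-agent.com',
    'https://browser-intake-datadoghq.com', 'https://*.checkouttools.com',
    'https://*.rechargecdn.com', 'https://*.rechargeapps.com'],
};

// Fallback chain a browser walks when a directive is absent (default: default-src only).
const FALLBACK = { 'frame-src': ['child-src', 'default-src'] };

// Parse "name src src; name src" into a Map that preserves directive order.
function parseCsp(policy) {
  const map = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // CSP honours the first occurrence of a duplicated directive and ignores the rest.
    if (name && !map.has(name.toLowerCase())) map.set(name.toLowerCase(), sources);
  }
  return map;
}

function mergeCsp(existingPolicy, required = RECHARGE_CSP) {
  const original = parseCsp(existingPolicy);
  const merged = new Map(original);
  for (const [name, needed] of Object.entries(required)) {
    let current = original.get(name);
    if (!current) {
      // Creating a directive stops its fallback from applying, so inherit what
      // the fallback allows today instead of silently dropping it.
      const from = (FALLBACK[name] || ['default-src']).find((d) => original.has(d));
      if (!from) continue; // unrestricted today; adding the directive would only restrict
      current = original.get(from);
    }
    // 'none' must stand alone, so drop it once real sources are added.
    const kept = current.filter((s) => s.toLowerCase() !== "'none'");
    merged.set(name, [...new Set([...kept, ...needed])]);
  }
  return [...merged].map(([n, s]) => [n, ...s].join(' ')).join('; ');
}
```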