If you want a TLDR summary of the new rules to share, here you go:
- Payment pages must only load JS required for processing payments.
- Payment pages must restrict what JS loads, for example with CSP.
- Payment pages must integrity check JS, for example with SRI.
- Payment pages must be monitored for changes, for example with CSP reporting