Security & Compliance
Security headers, accessibility compliance, PCI, privacy, and regulatory readiness for storefronts.
5 articles
PCI DSS 4 Headless eCommerce: SAQ Scoping Guide (2026)
How headless engineering teams clear PCI DSS 4 headless eCommerce audits in 2026 — navigating SAQ-A vs SAQ-A-EP and securing Hydrogen or Catalyst.
GitHub VS Code Extension Breach 2026: Engineering Response
GitHub's May 2026 internal breach started with a poisoned VS Code extension on an employee device. Engineering response and policy lessons for teams.
OpenAI Privacy Filter: Production Implementation Guide (2026)
How to deploy OpenAI's 1.5B parameter Privacy Filter in your Shopify stack to redact PII, secure API keys, and maintain UK GDPR compliance in 2026.
Security Headers for eCommerce: The Checklist
The 9 HTTP security headers every eCommerce store needs in 2026 — CSP, HSTS, COEP, COOP, and the Magecart-specific configs that block live skimmer attacks.
European Accessibility Act: eCommerce Compliance
The European Accessibility Act is now in force. Here's what eCommerce stores need to fix for compliance and why accessibility is good for business.