From d0ff5ae03c69c9f7f149997baa0e0a75c2cb24d1 Mon Sep 17 00:00:00 2001
From: Andrea Dao <andrea.dao@bigcommerce.com>
Date: Tue, 21 May 2024 15:07:18 -0500
Subject: [PATCH] change heading levels

---
 docs/api-docs/storefront/scripts-overview.mdx | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/api-docs/storefront/scripts-overview.mdx b/docs/api-docs/storefront/scripts-overview.mdx
index 5f88e110f..128d0e474 100644
--- a/docs/api-docs/storefront/scripts-overview.mdx
+++ b/docs/api-docs/storefront/scripts-overview.mdx
@@ -106,7 +106,9 @@ Solutions that add dynamic script support using revisions to or additions of scr
 
 Release notes can work for all storefronts. Changes to the [OAuth scopes](/docs/start/authentication/api-accounts#oauth-scopes) of apps that use [app-level API accounts](/docs/start/authentication/api-accounts#app-level-api-accounts) require the store owner or other authorized user to accept the new scopes, which could provide a mechanism to trigger release note display. Store owners aren't prompted to reauthorize until they next open an app in the control panel, so direct contact may be advisable from a conversion perspective. You can't change the OAuth scopes for a [store-level API account](/docs/start/authentication/api-accounts#store-level-api-accounts), so directly contacting the store or stores that you want to change may be your only option for disclosure.
 
-## Subresource integrity
+## PCI compliance
+
+### Subresource integrity
 
 [Subresource integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) is a security feature browsers use to verify that attackers have not manipulated external hosted resources, including scripts.