# XSS Prevention

Prophaze WAF can prevent advanced XSS attacks in the following ways

* Blocks injection of client side scripts into browsers by attackers which allows them to steal session and cookie data
* Uses Open source lib injection library along with regular expressions
* HTML tag finder
* Style/Script Tag prevention
* JS Fragment prevention (URI)
* CSS Fragment Prevention
* Blocks XSS fingerprints
* Event Handler Block
* Attribute Vector Prevention
* Noscript html injection
* IE filters
* Malformed XSS Filter
* UTF-7 encoding XSS Prevention (IE)
* Disallowed HTML attributes