PageGuard | How it works | Feroot

How PageGuard Works

PageGuard deploys security permissions and policies to JavaScript-based web applications to continuously protect them from malicious client-side activities, malware, and third-party scripts.

Discover Real-Time Security Signals on Your Web Application’s Client-Side

PageGuard is a small but powerful library that our customers embed in their websites and web applications. Once embedded, PageGuard performs active permission control in your chosen JavaScript browser environment.

PageGuard overwrites certain main and core JavaScript code to protect your web application from client-side cyber threats. It runs continuously in the background to automatically detect unauthorized scripts and anomalous code behavior. After detection, PageGuard blocks all unauthorized and unwanted behavior in real-time.

PageGuard is able to block a variety
of JavaScript functions and features:
Unauthorized Scripts
  • Inline scripts
  • Tags
  • Scripts dynamically added into your code
  • Scripts indirectly loaded thorough attributes and Evan()-like functions
Unauthorized Frames
  • Through frame and iframe tag
  • Through object tag
  • Through embed tag
  • Nested frame blocking
Input Read Access
  • Standard input value access
  • Non-standard input value access
PageGuard is able to monitor a variety
of JavaScript functions and security events:
XHR / Network monitoring
  • Monitor network AJAX
  • XML HTTP requests
  • Image loads
  • Network requests
Storage monitoring
  • Detect script activity (read and write)
  • Cookie storage
  • Session storage
  • Local storage
DOM security events monitoring
  • DOM leve
  • Script level
  • Resource level

PageGuard is not only good at protecting your web applications from client-side attacks, it is also great at collecting client-side cyber threat intelligence for you to utilize to protect your network. PageGuard telemetry includes:

  • Date and time when a script is being loaded in the browser.
  • If a script is being sideloaded or chainloaded.
  • Where the script is being loaded from.
  • % of affected users who have loaded the particular script.
  • % of affected pages (I.e # of pages that the script is loaded).

Want to see
PageGuard in action?

Client-Side Security
Enables You to:

Stop Data
Exfiltration For Good

Thrive with an automatically protected client-side attack surface.

Fully Disable
Client-side Threats

Uncover abnormal web application behaviors and threats and fully disable e-skimming, cross-site scripting, formjacking, and other client-side attacks.

Compliance Indefinitely

Stay ahead of current and future data privacy regulations.

Gain Peace of Mind With Automated Client-side Security

Rest easy that your web applications and your client-side data are always protected with JavaScript security permissions.

Integrate JavaScript Security Policies With Your Existing Technologies and Processes


PageGuard allows customers to ingest client-side telemetry and cyber threat intelligence (CTI) into their security products for intelligence aggregation and collection. Customers enhance their externally sourced and server-side collected CTI with client-side collected and aggregated CTI from PageGuard. Current integrations include:

Want to see
PageGuard in action?