Prevent client-side threats with JavaScript security policies

PageGuard is an automated JavaScript security solution that protects websites and web applications from client-side cyber attacks in real-time. Based on the Zero Trust model, PageGuard runs continuously in the background to automatically detect and block unauthorized scripts and anomalous code behavior.

Automated JavaScript
security policies

PageGuard adds security permissions and policies to JavaScript-based applications. PageGuard protects every page of a website or web application by automatically applying security configurations and permissions for continuous monitoring of and protection from malicious client-side activities, malware, and third-party scripts.

PageGuard is always on, always monitoring, and helps businesses guard their web assets from cyberthreats including:

  • Cross-site scripting (XSS)
  • DOM-based cross-site scripting (XSS)
  • Magecart
  • Digital skimming & e-skimming
  • Data harvesting & exfiltration
  • Formjacking
  • Sideloading
  • Chainloading
  • Credential stuffing
  • Websocket data exfiltration

Automated client-side threat protection

PageGuard continuously analyzes all scripts from the user perspective to uncover unauthorized activities and behaviors.

PageGuard allows businesses to:

  • Protect their websites and web applications form skimming and Magecart attacks.
  • Deploy JavaScript security access controls to eliminate customer data exfiltration risk.
  • Observe browser-level code activities to identify and stop malicious activity in real-time.
  • Automate client-side web security operations.

Continuous client-side security coverage

PageGuard enables companies to drive continuous client-side JavaScript security to protect their most valuable asset, their customers.

PageGuard enables businesses to:

  • Build, monitor, and protect their client-side attack surface across all of their user journeys.
  • Classify mapped JavaScript web assets based on their function, value, and level of potential vulnerability.
  • Automatically monitor, detect, and act on new scripts, third-party script changes, code changes, and changes in code behavior to enable client-side web asset protection.
  • Enable third-party JavaScript security practices.
  • Deploy customer data exfiltration security capabilities.

Protection regardless of version or patch priority

PageGuard protects client-side applications and websites regardless of their version or availability of exploits.

PageGuard automatically blocks:

  • Unauthorized first- or third-party scripts
  • Unauthorized frames
  • Known web vulnerabilities
  • Standard input value access
  • Non-standard input value access
  • Data exfiltration processes

How PageGuard works

PageGuard deploys security permissions and policies to JavaScript-based web applications to continuously protect them from malicious client-side activities, malware, and third-party scripts.

How to deploy PageGuard


Configure initial settings
  • Script & frame blocking
  • Input read access blocking
  • XHR/Network monitoring
  • Storage monitoring
  • DOM security events monitoring


Install PageGuard by adding a few lines of code to your web site or web applications
  • Private cloud
  • On-premise


Start monitoring, analyzing, and protecting your web assets
  • Receive real-time threat detection and prevention alerts
  • Integrate with SIEM, SOAR, and other technologies

Learn How to Guard Your Web Applications Today

See Client-Side Security in Action!

Integrate with your technologies

PageGuard allows customers to ingest client-side telemetry and cyber threat intelligence (CTI) into their security products for intelligence aggregation and collection. Customers enhance their externally sourced and server-side collected CTI with client-side collected and aggregated CTI from PageGuard. Current integrations include:

Stop the most common front-end attacks

What is e-skimming?

E-skimming, commonly referred to as ‘Magecart’ attack, is a process in which malicious threat actors, nation-state sponsored hackers, and financially motivated hackers gain access to an online store of a company. These threat actors inject skimming code onto payment card processing pages of the website in order to make financial gain.

Cross-site scripting (XSS)

Cross-site scripting (XSS) is a security vulnerability typically found in web applications that allows threat actors to bypass access controls. XSS injects the malicious code into target website content, making it a part of the website. This allows the threat actor conducting an XSS attack to affect victims who may visit or view that website.

Sideloading and сhainloading

Sideloading and chainloading techniques allow threat actors to load malicious JavaScripts code onto target websites using legitimate scripts and tools. E-skimming breaches via sideloading can go undetected for a long time because infected code is loaded directly by web browsers outside of the companies security perimeter.

JavaScript library manipulation

Web applications that use third-party JavaScript code are vulnerable because of the inherent lack of security controls. Third-party JavaScript code tends to have an unrestricted level of access to sensitive data at the browser-level. JavaScript code is extremely vulnerable to obfuscation and tampering, making it easy for hackers and other threat actors to input query strings into forms to access, steal, or contaminate protected data.