How PageGuard Works

PageGuard deploys security permissions and policies to JavaScript-based web applications to continuously protect them from malicious client-side activities, malware, and third-party scripts.

Pageguard works
Discover real-time security

Discover Real-Time Security Signals on Your Web Application’s Client-Side

PageGuard is a small but powerful library that our customers embed in their websites and web applications. Once embedded, PageGuard performs active permission control in your chosen JavaScript browser environment.

PageGuard overwrites certain main and core JavaScript code to protect your web application from client-side cyber threats. It runs continuously in the background to automatically detect unauthorized scripts and anomalous code behavior. After detection, PageGuard blocks all unauthorized and unwanted behavior in real-time.

PageGuard is able to block a variety

of JavaScript functions and features:

Unauthorized Scripts

Inline scripts
Tags
Scripts dynamically added into your code
Scripts indirectly loaded thorough attributes and Evan()-like functions

Unauthorized Frames

Through frame and iframe tag
Through object tag
Through embed tag
Nested frame blocking

Input Read Access

Standard input value access
Non-standard input value access

PageGuard is able to monitor a variety

of JavaScript functions and security events:

XHR / Network monitoring

Monitor network AJAX
XML HTTP requests
Image loads
Network requests

Storage
monitoring

Detect script activity (read and write)
Cookie storage
Session storage
Local storage

DOM security events monitoring

DOM leve
Script level
Resource level

PageGuard telemetry.

Pageguard telemetry

PageGuard is not only good at protecting your web applications from client-side attacks, it is also great at collecting client-side cyber threat intelligence for you to utilize to protect your network. PageGuard telemetry includes:

  • Date and time when a script is being loaded in the browser.
  • If a script is being sideloaded or chainloaded.
  • Where the script is being loaded from.
  • % of affected users who have loaded the particular script.
  • % of affected pages (I.e # of pages that the script is loaded).

Client-Side Security Enables You to:

Stop Data
Exfiltration For Good

Stop Data
Exfiltration For Good

Thrive with an automatically protected client-side attack surface.

Fully Disable
Client side Threats

Fully Disable
Client-side Threats

Uncover abnormal web application behaviors and threats and fully disable e-skimming, cross-site scripting, formjacking, and other client-side attacks.

Maintain
Compliance Indefinitely

Maintain

Compliance Indefinitely

Stay ahead of current and future data privacy regulations.

Gain Peace of Mind With Automated Security

Gain Peace of Mind With
Automated Security

Rest easy that your web applications and your client-side data are always protected
with JavaScript security
permissions.

  • Splunk logo
  • Datadog logo
  • JupiterOne cybersecurity asset management logo
  • Sumo Logic logo
  • Logz.io logo
  • Webhooks integration services logo
  • Amazon CloudWatch logo
  • AWS CloudWatch Logs logo

Integrate With Your Existing Tools

Feroot helps customers to ingest client-side telemetry right into their existing security platforms.

Learn How to Detect Threats on Your Web Applications Today

Start Free Website Assessment