Welcome WAF Tester

• The Cloudflare Web Application Firewall (Cloudflare WAF) checks incoming web and API requests and filters undesired traffic based on sets of rules called rulesets.
• Learn more about the product here

Query parameter names for XSS

• XSS in HTML context - ?globalHtml=payload
• XSS in HTML attribute context - ?attributeHtml=payload

Mandatory Requirement

• Test report should clearly show evidence of bypass
• Example: for XSS bypass, you must execute arbitrary Javascript. This means an alert(1) pop-up at minumum.