You can now configure AWS WAF to block, allow, or monitor (count) requests based on Cross-Site Scripting (XSS) match conditions. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts (like Javascript) into other legitimate user’s web browsers. This XSS match condition feature prevents these vulnerabilities in your web application by inspecting different elements of the incoming request.