> I've also blocked decode statements. My feeling is that if you feel you have something to hide, I don't > want it. I tend to concur. We monitor web traffic for patterns indicative of JavaScript obfuscation. All of them has either been an exploit/dropper or a web ad. Either way, nothing that would be missed. What are you using to perform filtering? PaulM