A technique allows a client computing system with a web browser to receive a web page in response to transmitting a request for content. The web page may include active content, html data and cascading style sheets (CSS). In embodiments, a gateway device may rewrite the web page dynamically by rewriting node identifiers and class names, removing and separating client-side scripts from html data and CSS data, and blocking or disabling execution of the client-side scripts if these scripts contain vulnerable code. A web page may be rewritten based on analysis information provided by a third-party or analyzed at the gateway device.