diff --git a/README.md b/README.md
index 81dadd5..c81713e 100644
--- a/README.md
+++ b/README.md
@@ -266,22 +266,34 @@ Here’s list of tools [@_justYnot](https://twitter.com/_justYnot) used:
## XSS firewall bypass techniques
Here’s a list of 7 useful techniques on how we can bypass WAF (Web Application Firewall) while exploiting XSS (Cross-Site Scripting) in a web application:
1. Check if the firewall is blocking only lowercase:
-
+```
+
+```
2. Try to break firewall regex with new line (\r\n), aka. CRLF injection:
+```
+```
3. Try double encoding:
+```
%2522
+```
4. Testing for recursive filters, if firewall removes the text in bold, we will have clear payload:
+```
ipt>alert(1);ipt>
+```
5. Injecting anchor tag without whitespaces:
+```
+```
6. Try to bypass whitespaces using a bullet:
+```