Obfuscation, obscuring the meaning of source code, has been proposed as a security measure to protect JavaScript applications running in web browsers on the client-side. This paper presents a comparative study of online JavaScript obfuscators, looking at the obfuscation techniques they employ and assessing their resilience, potency and the costs associated with the obfuscation process. We conclude that while several current obfuscators are theoretically quite resilient and potent, in most cases their output can effortlessly be reversed by automatic deobfuscators. We also suggest several methods for strengthening JavaScript obfuscation.