Authentication-Blocking requests based on user identity.
Logging and auditing-Tracking users of a web application.
Image conversion-Scaling maps, and so on.
Data compression-Making downloads smaller.
Localization-Targeting the request and response to a particular locale.
XSL/T transformations of XML content-Targeting web application responses to more that one type of client.
Querying the request and acting accordingly
Blocking the request and response pair from passing any further.
Modifying the request headers and data. You do this by providing a customized version of the request.
Modifying the response headers and data. You do this by providing a customized version of the response.