diff --git a/js/csrfprotector.js b/js/csrfprotector.js
index 6f37913..84e0465 100644
--- a/js/csrfprotector.js
+++ b/js/csrfprotector.js
@@ -19,7 +19,10 @@ var CSRFP = {
 	 *
 	 * @var string array
 	 */
-	checkForUrls: [],
+	checkForUrls: Array.prototype.slice.call(document.getElementsByName("CSRFP_checkForUrls"))
+		.map(function (element) {
+		return element.value;
+		}),
 	/**
 	 * Function to check if a certain url is allowed to perform the request
 	 * With or without csrf token
@@ -314,3 +317,7 @@ function csrfprotector_init() {
 	}
 
 }
+
+window.addEventListener("DOMContentLoaded", function() {
+	csrfprotector_init();
+}, false);
diff --git a/libs/csrf/csrfprotector.php b/libs/csrf/csrfprotector.php
index 6c63ee5..b1b20e3 100755
--- a/libs/csrf/csrfprotector.php
+++ b/libs/csrf/csrfprotector.php
@@ -396,33 +396,29 @@ public static function ob_handler($buffer, $flags)
 		    $buffer = preg_replace("/<body[^>]*>/", "$0 <noscript>" .self::$config['disabledJavascriptMessage'] .
 		    	"</noscript>", $buffer);
 
-		    $arrayStr = '';
+		    $urls = array();
 		    if (!self::useCachedVersion()) {
 		    	try {
 		    		self::createNewJsCache();
 		    	} catch (exception $ex) {
 		    		if (self::$config['verifyGetFor']) {
-						foreach (self::$config['verifyGetFor'] as $key => $value) {
-							if ($key != 0) $arrayStr .= ',';
-							$arrayStr .= "'". $value ."'";
-						}
+						$urls = self::$config['verifyGetFor'];
 					}
 		    	}
 		    }
 
-		    $script = '<script type="text/javascript" src="' .self::$config['jsUrl']
-		    	.'"></script>' .PHP_EOL;
-
-		    $script .= '<script type="text/javascript">' .PHP_EOL;
-		    if ($arrayStr !== '') {
-		    	$script .= 'CSRFP.checkForUrls = [' .$arrayStr .'];' .PHP_EOL;
+		    //implant hidden fields with check url information for reading in javascript
+		    if (count($urls) > 0) {
+		        $hiddenInput = function ($str) {
+		            return sprintf('<input type="hidden" name="CSRFP_checkForUrls" value="%s"></input>', $str);
+		        };
+		        $hiddenInputUrls = array_map($hiddenInput, $urls);
+		        $hiddenInputUrlStr = implode(PHP_EOL, $hiddenInputUrls);
+		        $buffer = str_ireplace('</body>', $hiddenInputUrlStr . '</body>', $buffer);
 		    }
-		    $script .= 'window.onload = function() {' .PHP_EOL;
-		    $script .= '	csrfprotector_init();' .PHP_EOL;
-		    $script .= '};' .PHP_EOL;
-		    $script .= '</script>' .PHP_EOL;
 
 		    //implant the CSRFGuard js file to outgoing script
+		    $script = '<script type="text/javascript" src="' . self::$config['jsUrl'] . '"></script>' . PHP_EOL;
 		    $buffer = str_ireplace('</body>', $script . '</body>', $buffer, $count);
 		    if (!$count)
 		        $buffer .= $script;