In which of the following techniques does an attacker use a combination of upper- and lower-case letters in an XSS payload to bypass the WAF?
1) Character encoding
2) URL encoding
3) Hex encoding
4) Mixed case encoding