13:[["$","$L142",null,{"props":{"lessonContent":{"components":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"$143","mdHtml":"

We learned how to increase security using web controls such as HTTP headers, but how do we ensure that we’re always up to date with security controls? How do we ensure there isn’t a regression next week where headers are removed from an HTTP ...

","comp_id":"3P-KkvgGetGyuBskFOg_d","cursorPosition":1051},"iteration":5,"hash":1,"saveVersion":16}],"summary":{"tags":["monitoring","webapp","security"],"description":"Explore methods to monitor your web applications by validating HTTP security headers and integrating security checks into your development cycle. Understand how to detect regressions early and maintain strong security controls in complex environments by using tools like WebPageTest and Check My Headers.","titleUpdated":true},"content":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"$144","mdHtml":"

","comp_id":"3P-KkvgGetGyuBskFOg_d","cursorPosition":1051},"iteration":5,"hash":1,"saveVersion":16}],"darkModeContent":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"$145","mdHtml":"

","comp_id":"3P-KkvgGetGyuBskFOg_d","cursorPosition":1051},"iteration":5,"hash":1,"saveVersion":16}]},"isPreviewLesson":false,"pageType":"collection_lesson","aiCoachVideoUrl":"https://youtu.be/kgl8y9J3O6c","collectionDetailsSSR":{"title":"Web Application Security: Understanding HTTP Security Headers","summary":"This course teaches you hands-on practical use of HTTP security headers as browser security controls to help secure web applications.\n\nFor each HTTP security header that can enhance your web application security, you'll learn what is the overall risk of not implementing it, and what does a proposed solution help with. Finally, you'll learn how to implement and configure the security header with Helmet, a popular and well maintained Node.js package on npm.","details":"","clos":["Establishing secure web applications using HTTP security headers","Understanding Content Security Policy","Configuring Node.js web applications securely","Learning how to test and monitor for security headers and vulnerable JavaScript libraries","Roadmap for next steps in web controls and security headers spec"],"arabic_available":false,"page_tags":{"6590089602793472":"lighthouse,testing,security","5904274870501376":"","4983703055892480":"helmet,node.js,npm package","5759911750270976":"monitoring,webapp,security","5342363586134016":"webpagetest,security testing,performance testing","5283608609685504":"http,hsts,ssl","5226340774051840":"XSS,Internet Explorer,IE8","5242468342693888":"referrer,referer","6165492524908544":"http headers,migration,security controls","4593038314700800":"security testing,build","6200548022812672":"content-security-policy,CSP,browser security control","4898570479075328":"x-frame-options,iframe","4875675728084992":"","5380882287296512":"security headers,browser","5066286703837184":"heroku,git,Node.js","6105410764275712":"privacy,web spec","6009839152005120":"https,ssl,certificate","4819951587164160":""},"collection_toc_is_enabled":true,"page_count":null,"docker":{"envs":[],"container":{"buildLogUrl":"https://www.educative.io/api/author/6369210000211968/collection/6214384662609920/containers/6489644251742208/build/log","imageName":"author-6369210000211968-collection-6214384662609920-rev-18-container-6489644251742208-hsts_brew_final","file":{"name":"HSTS_brew_final.tar.gz","size":3786},"buildStatusUrl":"https://www.educative.io/api/author/6369210000211968/collection/6214384662609920/containers/6489644251742208/build/status","metadata":{"sizeInBytes":3786},"id":-1,"tarballDownloadUrl":"https://www.educative.io/api/author/6369210000211968/collection/6214384662609920/containers/6489644251742208/download","rebuildImageUrl":"https://www.educative.io/api/author/6369210000211968/collection/6214384662609920/containers/6489644251742208/rebuild","buildStatus":"SUCCESS","track":false},"version":3,"jobs":[{"key":"a_MUGE4NbOlaY1R80eVnq","name":"Chrome","inputFileName":"foo","runScript":"export DISPLAY=:1.0;\nuseradd -m chromeuser;\ngoogle-chrome --no-sandbox","jobType":"GUI","forceRelaunchOnRun":false,"forceRelaunchOnCompChange":true,"runInLiveContainer":false},{"key":"pNaYJBC234v_1Ik9zvHvR","name":"run_mal","inputFileName":"foo","runScript":"cp -r /usercode /Educative/nodejssecurity-headers-xframe-malicious","ports":"3000","startScript":"cp -r /usercode /Educative/nodejssecurity-headers-xframe-malicious\ncd /Educative/nodejssecurity-headers-xframe-innocent\nnohup npm start > /dev/null 2>&1 &\ncd /Educative/nodejssecurity-headers-xframe-malicious\nnpm start","jobType":"Live","https":false,"forceRelaunchOnRun":false,"runInLiveContainer":true},{"key":"B4OpzciNNzoW6GWc3kyco","name":"Chrome_hsts","inputFileName":"foo","runScript":"cd /Educative/nodejssecurity-headers-hsts/ \nnohup npm start > /dev/null 2>&1 &\nexport DISPLAY=:1.0;\ngoogle-chrome --no-sandbox","jobType":"GUI","forceRelaunchOnRun":false,"forceRelaunchOnCompChange":true,"runInLiveContainer":false},{"key":"dU2L1rfdPvznHh13PnpKj","name":"Chrome_hsts-mkcert","inputFileName":"foo","runScript":"nohup google-chrome --no-sandbox --disable-gpu --disable-software-rasterizer > /dev/null 2>&1 &\nsleep 3\npkill chrome\neval \"$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)\"\nmkcert -install\nclear\ntmux \\new-session \"cd /Educative/nodejssecurity-headers-hsts && npm start ; read\" \\; split-window \"export DISPLAY=:1.0 && google-chrome http://localhost:80 https://localhost:443 --no-sandbox --disable-gpu --disable-software-rasterizer; read\" \\; select-layout even-horizontal","jobType":"GUI","forceRelaunchOnRun":true,"forceRelaunchOnCompChange":true,"runInLiveContainer":false},{"key":"2w6T32N3QuP0T1PMoNOfc","name":"debug","inputFileName":"foo","runScript":"echo \"hi\"","ports":"3000","startScript":"echo \"hi\"","jobType":"Live","forceRelaunchOnRun":true,"runInLiveContainer":true},{"key":"Zg9nqvQXGGJuTurEHh_rc","name":"Chrome_hsts-mal","inputFileName":"foo","runScript":"cp -r /usercode/* /Educative/nodejssecurity-headers-xframe-malicious\ncd /Educative/nodejssecurity-headers-xframe-innocent\nnohup npm start > /dev/null 2>&1 &\ntmux \\new-session \"cd /Educative/nodejssecurity-headers-xframe-malicious && npm start ; read\" \\; split-window \"export DISPLAY=:1.0 && google-chrome http://localhost:3000 --no-sandbox --disable-gpu --disable-software-rasterize; read\" \\; select-layout even-horizontal","jobType":"GUI","forceRelaunchOnRun":true,"forceRelaunchOnCompChange":true,"runInLiveContainer":false},{"key":"voswksFkoJ7OwojQq8wP_","name":"Chrome_hsts-inn","inputFileName":"foo","runScript":"cp -r /usercode/* /Educative/nodejssecurity-headers-xframe-innocent\ncd /Educative/nodejssecurity-headers-xframe-innocent\nnohup npm start > /dev/null 2>&1 &\ntmux \\new-session \"cd /Educative/nodejssecurity-headers-xframe-malicious && npm start ; read\" \\; split-window \"export DISPLAY=:1.0 && google-chrome http://localhost:3000 http://localhost:3001 --no-sandbox --disable-gpu --disable-software-rasterize; read\" \\; select-layout even-horizontal","jobType":"GUI","forceRelaunchOnRun":true,"forceRelaunchOnCompChange":true,"runInLiveContainer":false}],"loaded":true},"discounted_price":null,"cover_image_id":6163948040093696,"cover_image_metadata":"{\"width\":1024,\"height\":512,\"sizeInBytes\":49566,\"name\":\"Understanding HTTP Security Headers_ .png\"}","cover_image_serving_url":"/v2api/collection/6369210000211968/6214384662609920/image/6163948040093696","tags":["web security","http security headers","Security headers","X XSS protection","Chrome's lighthouse"],"intro_video_url":"","intro_video_thumbnail_url":null,"aggregated_widget_stats":{"MarkdownEditor":68,"codeExerciseCount":0,"codeRunnableCount":1,"codeSnippetCount":31,"illustrations":19,"MxGraphWidget":1,"Code":1,"VNC":4,"Quiz":5,"Image":18,"SpoilerEditor":3,"StructuredQuiz":3,"TerminalWidget":1,"projects":0,"assessments":0},"default_themes":{"code_themes":{"SPA":"default","Code":"default","isForced":{"SPA":false,"Code":false,"Markdown":false,"RunJS":false},"Markdown":"default","RunJS":"default"}},"api_keys":{"api_keys":[]},"skills":[],"testimonials":[],"licensing":null,"target_audience":"beginner","author_id":"6369210000211968","collection_id":"6214384662609920","approval_status":3005,"price":29,"is_private":false,"path_type":"regular","organization_id":null,"is_mini":false,"is_priced":true,"brief_summary":" Gain insights into HTTP security headers, learn their risks, explore solutions, and discover how to implement them using Helmet for enhanced web application security.","approval_update_time":"2021-10-04T17:42:20.560Z","rating_visibility":true,"update_last_published_on_homepage":true,"show_developed_by":true,"udata_files":[],"CodeThemes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"collection_type":"collection","adaptive_learning_mode":false,"HLOs_to_toc":{},"is_guide":false,"read_time":4200,"allow_logged_out_executions":false,"unique_live_widget_urls":false,"metadata_status":101,"palified_version":null},"pageSummarySSR":{"title":"Monitor your web application","description":"Explore methods to monitor your web applications by validating HTTP security headers and integrating security checks into your development cycle. Understand how to detect regressions early and maintain strong security controls in complex environments by using tools like WebPageTest and Check My Headers.","discourse_page_url":"https://discuss.educative.io/tag/monitor-your-web-application__whats-next__web-application-security-understanding-http-security-headers?open=true&ctag=web-application-security-understanding-http-security-headers__liran-tal&cslug=web-application-security-http-headers&pslug=monitor-your-web-application"},"adaptiveLearningConfigConstantSSR":0,"enableLessonPageLockedBannerV2":true,"allowAllLessonPreview":false,"lockedBannerStatsSSR":{"b2cTrialStats":{"is_b2c_trial_active":true,"b2c_trial_active_duration":21,"b2c_trial_categories":"$146"},"b2cStatus":100,"learnerTags":"$147","workStats":1630,"interviewWorksStats":100,"inL2cStarterPack":false,"l2cWorkStats":46,"enableL2cStarterPackPaymentWidget":"false"},"pageTocSSR":"

Monitoring and Shifting-left

","authorId":"6369210000211968","collectionId":"6214384662609920","pageId":"5759911750270976","isCollectionPageLockedCachingEnabled":true,"aceFeatureFlags":{"enableAceEditor":true,"enableAceEditorForAnswers":true},"serverConfigConstants":{"enable_notepad_prompt_ai":"$undefined"},"codeFeatureFlags":{"enableCodeCodeTabRedesign":"3"},"meta":{"type":["Article","TechArticle"],"title":"Monitor Web Application Security with Effective Header Controls","name":"Web Application Security: Understanding HTTP Security Headers","description":"Learn how to monitor HTTP security headers and ensure robust security controls for your web application using practical tools and techniques.","image":"https://educative.io/api/collection/6369210000211968/6214384662609920/image/6163948040093696.png","isAccessibleForFree":false,"keywords":"$147","provider":"Educative","publisher":"Educative","id":"courses/web-application-security-http-headers/monitor-your-web-application","author":"Liran Tal","educationalLevel":"beginner","noIndex":true,"isForcedNoIndex":true,"noFollow":false,"redirectInfo":{"isDeletedCollectionPageRedirectable":false},"page_titles":{"6590089602793472":"Chrome's Lighthouse","5904274870501376":"X Content Type Options","4983703055892480":"Helmet - a Node.js Package for HTTP Security Headers","5759911750270976":"Monitor your web application","5342363586134016":"WebPageTest","4875675728084992":"Check My Headers command-line application","5226340774051840":"X XSS Protection","5242468342693888":"Referer and Referrer Policy","6165492524908544":"Establish a CSP and Security Headers standard","4593038314700800":"Summary","6200548022812672":"Content Security Policy","4898570479075328":"X Frame Options","5283608609685504":"HTTP Strict Transport Security","5380882287296512":"Headers as Browser Security Controls","5066286703837184":"Requirements","6105410764275712":"Other browser security headers and controls","6009839152005120":"The State of HTTP Security","4819951587164160":"Educational resources"},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"deleted_course_lesson_redirect":{"author_id":null,"collection_id":null,"page_id":null,"redirect_url_slug":null},"metadata_status":101,"additional_course_alternatives":[]},"requestUrl":"/courses/web-application-security-http-headers/monitor-your-web-application","requestUrlInfo":{"authorId":6369210000211968,"collectionId":6214384662609920,"pageId":5759911750270976,"courseUrlSlug":"web-application-security-http-headers","pageUrlSlug":"monitor-your-web-application"},"isExternalContent":false}}],[["$","script",null,{"id":"generate-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$148"}}],false,"$undefined"]]