The paper presents an improved method of monitoring the state of a website with a focus on the security of the client interface (front-end). An architectural solution is proposed based on the use of Selenium WebDriver in combination with Chrome DevTools Protocol (CDP) to emulate user interaction with the web interface, intercept internal browser events, and then transfer the collected data to the Zabbix monitoring system for further analysis and alerts. The methodology allows detecting security breach indicators, such as JavaScript errors, XSS injections, violations of CSP/CORS policies, cases of mixed content, vulnerabilities related to dangerous cookie flags, and other typical signs of compromise or incorrect user interface implementation.
Today, in the context of the rapid development of information technology and the growing digitalisation
of business, the role of websites as one of the main channels of interaction with users, partners and
customers is becoming increasingly important. Modern IT systems are constantly growing and becoming
more complex and dynamic, which necessitates the implementation of efective solutions for monitoring
their status and operation. Most monitoring solutions are focused primarily on the infrastructure level:
monitoring server availability, network interfaces, resource consumption, performance metrics, etc.
At the same time, the front-end part of websites, which is straight interacted with by the customers,
remains out of focus of traditional monitoring [
In practice, it means that potentially dangerous security incidents or failures will remain undetected
for a considerable period of time [
In view of this, there is a need to create solutions that can monitor the client side of websites in real time, with a focus on security, stability and compliance with modern web development standards. Of particular relevance are approaches that allow integrating such solutions into the existing infrastructure of an enterprise, ensuring continuous verification of the behaviour of the web interface in the production environment.
The purpose of this study is to improve the methods of monitoring the state of a website by means of an architectural solution that combines tools for emulating user behaviour with mechanisms for reading internal browser events, with subsequent analysis and transmission of the results to the monitoring system. This approach allows automated control over the state of the client side of websites, detection of indicators of security breaches or functional malfunctions, and prompt notification of potential incidents to the responsible persons.
Most website health monitoring methods usually focused on a limited set of metrics, such as resource availability monitoring (checking HTTP status codes), performance monitoring (tracking page load times, execution times of certain requests, etc.), and the use of external services (UptimeRobot, Pingdom, Datadog, etc.). There are also approaches based on static code analysis or server log checking, which are mostly focused on business logic or backend vulnerabilities and only partially address the behaviour of the client side.
This problem is especially relevant for one page websites that are created with React, Angular or Vue.js, where the client’s logic is important for the correct operation of the interface. Request delays or form failures may cause critical errors that will not be detected by traditional monitoring tools.
That is why it is necessary to improve and develop new methods that allow you to solve these limitations and use monitoring with more eficiency by implementing integration with the browser interface, providing real-time tracking of various internal events and errors that impact the stability, security and functionality of the website front-end.
In recent years, the website monitoring industry has seen the emergence of many individual solutions, each of which addresses a part of the security problem. At the same time, most of them are focused either on the backend or on the initial stages of CI/CD (Continuous Integration/Continuous Deployment), while active monitoring of the client layer in the production environment remains poorly understood.
Most approaches, such as integrating tests into CI/CD [
Modern monitoring systems, such as Zabbix 7.0 with Selenium support [
Some studies consider the possibility of using the Chrome DevTools Protocol (CDP - a set of tools
from Google for remote browser control) for deeper analysis of browser behaviour [
Approaches based on the MITRE ATT"&"CK framework (a matrix of known attacker tactics and
techniques) remain relevant for modelling attack scenarios [
Tools such as OWASP ZAP, ModSecurity with OWASP Core Rule Set (CRS), as well as Snyk
(dependency and vulnerability analytics in code) or SonarQube (code quality analysis platform) [
In total, the analysis of sources allows to identify the following aspects:
• The growing popularity of DevTools API in scientific research [
These challenges are addressed by the architecture proposed in this paper, which combines UI monitoring, DevTools logic, real-time analysis, and centralised response via Zabbix monitoring system.
To solve the problem of detecting threats, errors and other security events on the user side, it is proposed to implement website monitoring at the level of user interface usage, based on the following components: 1 Selenium Webdriver – for launching a browser session and simulation human interactions. 2 Chrome DevTools Protocol (CDP) is a channel for accessing browser logs in real time. 3 Python script - initiates the launch of the Chrome browser in headless mode using Selenium.
Then it checks internal browser events through the Chrome DevTools Protocol (CDP): JavaScript errors in the browser console, CSP, trafic, etc. The script can also run XSS tests or another custom scripts to inspect the functionality of a website. This script also performs error classification and generates statuses for the monitoring system. 4 Zabbix Server is the main monitoring system that receives the results of checks from the Python script and generates the appropriate triggers, alerts, and reports. It also analyses statuses from monitoring agents or external sources. 5 Notification System is a component for automatically informing responsible persons about detected problems by sending email, SMS or other types of notifications. Based on the specified triggers, Zabbix generates notifications that can be sent via API or webhooks for integration with third-party services (e.g. Jira, PagerDuty).
The proposed architecture is aimed at creating passive and continuous security monitoring at the UI level. The idea is to integrate user action emulation tools (Selenium) with Chrome DevTools interfaces to receive notifications of errors, unsafe actions, or suspicious behaviour without interfering with the application code. The results of the checks are sent to the monitoring system (Zabbix), which creates alerts and graphs. This allows for full monitoring in a live browser, including console errors, DOM events, CSP policies, and other risk signals that are not captured by traditional logging systems or a Web Application Firewall (WAF), as shown in Figure 1.
The testing methodology consists of running a Python script that opens a web page in a real browser (Chrome) using analysis via DevTools Protocol. The received messages are filtered and classified. This ensures the collection of a comprehensive set of diagnostic data that allows you to identify both functional and security issues in the client side of the website. After that, the script analyses them (as shown in Table 1): • whether there were any JavaScript errors; • whether any security risks have been detected (insuficient CSP, mixed content, etc.); • the extent to which the existing risk signs are repeated on diferent pages; • the impact of load or other scenarios on the security of the interface.
The methodology involves automated page crawling using a headless browser, with the results analysed in DevTools via CDP. Each check is performed by a script and analysed by an external handler that generates a report. Then the result is transferred to Zabbix, where a trigger is generated. If the triggers are fired, notification system send message to responsible persons via a specified notification channel (email, Slack, SMS, etc.).
The testing procedure includes: • Connecting the Selenium WebDriver to a CDP-enabled browser. • Run the scripts to open the landing pages. • Collect logs through DevTools (console, network, security). • Processing and classification of messages. • Sending a summary status to Zabbix.
• Generating notifications, saving history for audit.
As part of the experiment, we conducted our own tests with a sample of 50 websites that were tested according to the above procedure, including corporate websites (React, Vue.js, Angular), e-commerce solutions (WooCommerce), information portals (WordPress/Joomla), forums (phpBB). The incidents were categorised as shown in Figure 2: CSP Violations, JavaScript errors, mixed content, DOM XSS events and insecure cookies.
The proposed approach can be used for providing risk assessment guidelines, for developing specific programs to improve the resilience of their websites, etc.
Analysis of capabilities and limitations of existing traditional monitoring methods shows that there is a huge number of diferent metrics, but they do not use tools for continuous UI monitoring. The proposed approaches for detecting threats at the UI level with including automation script provides continuous auditing without the needing of manual interaction.
Overall, the paper contributes to the improvement of monitoring methods, suggesting new approaches that can be useful for developers and site owners and will help responsible persons to prevent new categories of IT incidents and ensure fast detection of them.
The authors have not employed any Generative AI tools.