Question 1: Can both HTTP POST and HTTP GET be monitored at the same time?
Question 2: Can the Endpoint Agent monitor HTTP response?
For example, if I have a keyword policy looking for "dog" and "cat", when I search the internet for "dog" I get an incident but the response from internet website search engine that included "the dog chased the cat" is not reported.
Question 3: How can we monitor this HTTP response in Prevent mode?
Answer 1: By default the DLP Endpoint Agent only monitors HTTP POST. However HTTP GET can be enabled via the Endpoint Agent advanced settings. (NetworkMonitor.ENABLE_HTTP_GET_MONITORING.int)
If you enable HTTP GET then the DLP Endpoint Agent will monitor both HTTP POST and HTTP GET at the same time; the HTTP POST will not be disabled when HTTP GET is enabled.
Answer 2: It is not possible to monitor HTTP Responses on the Endpoint Agent.
Answer 3: If you want to do two-way HTTP monitoring with DLP you will need to use DLP Network Prevent for Web.
For additional information, please see related article What is the difference between HTTP GET and POST?.