Manage Targets

Add Custom Headers

The Custom Header module in ZeroThreat lets you include custom HTTP headers to interact with the back-end properly, such as authorization tokens, API keys, or content types. This setting ensures that those headers are sent with the requests, allowing the scanner to communicate with the application in the same way a legitimate user or service would.

In addition, adding custom request headers can help differentiate scanner traffic from real user traffic in your logs. For example, you might add a unique header like X-Scanner-User: ZeroThreat to clearly identify requests made by the scanner. This helps in monitoring and troubleshooting by making it easier to distinguish between genuine user activity and automated scans.

How to pass custom headers?

  1. Navigate to the Targets Section

Start by going to the Targets section within the application.

Select Target Image
  1. Select a Target

Click on the Select Target Image specific target you wish to configure. This will open the Target Configuration settings.

  1. Access the Request Headers Section

Within the target configuration, locate and navigate to the Request Headers section.

  1. Add a Custom Header
  • In the Request Headers section, you’ll see an option to select the request target. Choose the appropriate request target.
  • Enter the Header Key and Value that you want to include in the requests.
    • Example:
      • For the Header Key, enter access_token.
      • For the Header Value, enter emZyb3RocmVhdCBpcyB3b3JsZCdzIG1vc3QgaW50ZWxsaWdlbnQgc2Nhbm5lcg==.
Thumbnail

  1. Save and Apply

After entering the custom header, the changes will get saved. The custom header will now be included in all requests made to the selected target.