Manage Targets
Add Custom Headers
The Custom Header module in ZeroThreat lets you include custom HTTP headers to interact with the back-end properly, such as authorization tokens, API keys, or content types. This setting ensures that those headers are sent with the requests, allowing the scanner to communicate with the application in the same way a legitimate user or service would.
In addition, adding custom request headers can help differentiate scanner traffic from real user traffic in your logs. For example, you might add a unique header like X-Scanner-User: ZeroThreat to clearly identify requests made by the scanner. This helps in monitoring and troubleshooting by making it easier to distinguish between genuine user activity and automated scans.
How to pass custom headers?
- Navigate to the Targets Section
Start by going to the Targets section within the application.
.png)
- Select a Target
Click on the.png)
specific target you wish to configure. This will open the Target Configuration settings. - Access the Request Headers Section
Within the target configuration, locate and navigate to the Request Headers section. - Add a Custom Header
- In the Request Headers section, you’ll see an option to select the request target. Choose the appropriate request target.
- Enter the Header Key and Value that you want to include in the requests.
- Example:
- For the Header Key, enter
"access_token". - For the Header Value, enter
"emZyb3RocmVhdCBpcyB3b3JsZCdzIG1vc3QgaW50ZWxsaWdlbnQgc2Nhbm5lcg==".
- For the Header Key, enter
- Example:
.png)
- Save and Apply
After entering the custom header, the changes will get saved. The custom header will now be included in all requests made to the selected target.