
Adding a custom header to your scans in Invicti Enterprise

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Adding a custom "Header:Value" pair to your scans allows you to allowlist Invicti Enterprise in your web application firewall (WAF) and similar protection mechanisms. Without such a rule these mechanisms can block or throttle Invicti Enterprise's HTTP requests, resulting in incomplete or inconsistent web security scan results.

This document explains how to add a custom header to your scans and to a custom scan policy in Invicti Enterprise.

TIP:

For more information about web application firewalls support in Invicti Enterprise, refer to the Web Application Firewall Support in Invicti document.

There are two ways to add a custom header:

Option A: How to add a custom header to a scan

To add a custom header to a single scan, follow these steps:

  • Select Scans > New Scan from the left-side menu.
  • Fill in the Target URL field.
  • In the Authentication section select Header.

  • Select the Enabled checkbox to enable header authorization.

  • Click the New Authentication Header button to show the Name and Value fields. Fill in the fields (in the example, X-Scanner is used for the name and Invicti Enterprise for the value).

  • Optionally, click Save at the bottom of the page to save these settings as a new scan profile so you do not have to re-enter the header for future scans.

TIP:

For more information on profiles, refer to the Overview of Scan Profiles document.

  • Click Launch to start the scan.

Option B: How to add a custom header to a scan policy

  • Select Policies > New Scan Policy from the left-side menu.
  • Fill in the Name field and optionally the Description field.

  • In the Options section, select Headers to open the header settings.

  • Click New to add a new blank row for your custom header.
  • Fill in the Name and Value fields. In the example, we used X-Scanner and Invicti Enterprise respectively.

  • Click Save at the bottom of the page.
  • When launching a new scan, select your custom scan policy from the Scan Policy dropdown. In the example, we used the Custom Header scan policy.

TIP:

For more information on launching a new scan, refer to the Creating a New Scan document.

IMPORTANT:

After configuring the scan or the scan policy as explained above, create a rule in your WAF, IPS, or similar tool that allows requests carrying your custom Header:Value pair. Treat that pair as a shared secret: anyone who knows it can send requests that bypass the same protection, so use a long, random value in production (the Invicti Enterprise value used in this example is for illustration only) and scope the rule to the scanner's source IP addresses where your tool supports it.

Confirming the custom header was recorded

  • After the scan is finished, navigate to the Technical Report section and click any of the issues found to display details.
  • Click on the Request/Response tab on the right-hand side.
  • Look for your custom header (in the example we used X-Scanner) in the Request section.
  • If it is present, the custom header was recorded and is being sent with the scanner's requests. If it is missing, check that the header is enabled in the scan settings or that the correct scan policy was selected.
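The two checks described on this page, confirming that the header is present in a recorded request and deciding on the WAF side whether a request carrying the pair should be allowed, can both be scripted. The following is an added example and not part of Invicti Enterprise or its documentation; the raw request text is constructed to resemble what the Request/Response tab shows, and the header name X-Scanner and value Invicti Enterprise are taken from the walkthrough above. The allowlist comparison uses a constant-time check because the value acts as a shared secret.

```python
import hmac
from typing import Dict

# Constructed sample: a raw HTTP request as it would appear in the
# Request/Response tab of a Technical Report (not captured from a real scan).
SAMPLE_REQUEST = (
    "GET /login HTTP/1.1\r\n"
    "Host: app.example.com\r\n"
    "User-Agent: Mozilla/5.0 (compatible)\r\n"
    "X-Scanner: Invicti Enterprise\r\n"
    "Accept: */*\r\n"
    "\r\n"
)


def parse_headers(raw_request: str) -> Dict[str, str]:
    """Return the headers of a raw HTTP/1.x request as a dict.

    Header names are lowercased because HTTP header names are
    case-insensitive, so 'X-Scanner' and 'x-scanner' must match.
    The request line and any body are ignored.
    """
    head, _, _body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:  # skip the request line
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return headers


def header_recorded(raw_request: str, name: str, value: str) -> bool:
    """The check from 'Confirming the custom header was recorded':
    True if the request carries the custom header with the expected value."""
    return parse_headers(raw_request).get(name.lower()) == value


def waf_allowlisted(headers: Dict[str, str], name: str, secret_value: str) -> bool:
    """WAF-side decision: allow the request only if the custom header is
    present and its value matches the configured secret exactly.

    hmac.compare_digest avoids leaking the secret byte-by-byte through
    timing differences; a plain '==' would be enough for the scanner,
    but the WAF rule is exposed to untrusted clients.
    """
    actual = headers.get(name.lower())
    if actual is None:
        return False
    return hmac.compare_digest(actual.encode("utf-8"), secret_value.encode("utf-8"))


if __name__ == "__main__":
    # Usage: run against the constructed request above.
    hdrs = parse_headers(SAMPLE_REQUEST)
    print("header recorded:", header_recorded(SAMPLE_REQUEST, "X-Scanner", "Invicti Enterprise"))
    print("WAF would allow:", waf_allowlisted(hdrs, "X-Scanner", "Invicti Enterprise"))
```

To check a request you copied from the Request/Response tab, paste it into a file and pass its contents to `header_recorded`; a `False` result with the header visibly present usually means a trailing space or a different name was configured, which the strict comparison in `waf_allowlisted` would also reject.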