Adding a custom header to your scans in Invicti Standard
Adding a custom “Header:Value” pair to your scans allows you to whitelist Invicti Standard in your web application firewalls and other similar protection mechanisms. These mechanisms can block Invicti Standard’s HTTP requests, resulting in inconsistent web security scan results.
This document will explain how to add a custom header to your scans as a custom scan policy in Invicti Standard. For more information about web application firewall support in Invicti Standard, refer to the Web application firewall support in Invicti document.
There are two ways to add a custom header:
Option A: How to add a custom header to your scan
- Click the New button in the Home tab.
- In the Authentication settings, select Header.
- Select the Enabled checkbox to display a blank row for your custom header.
- Click in the Name and Value fields to enter the text. For this example, we used X-Scanner and Invicti Standard, respectively.
- Click the Start Scan button to launch the scan with the custom header.
IMPORTANT: You need to add the rule to your WAF, ISP or similar tool before running a scan with a custom header. There is no possibility to save a scan profile in Invicti Standard. If you want to save the custom header, you can either add a new scan policy (see Option B) or use scan profiles in Invicti Enterprise.
Option B: How to add a custom header to your scan policy
- Click Scan Policy Editor in the Home tab.
- In the pop-up window, click New to add a new row with the placeholder Name value “New Scan Policy”. Label it accordingly; in this example we use X-Scanner.
- In the Settings below, select HTTP > Headers.
- Click in the empty row to fill in the Name and Value fields. In this example we used X-Scanner and Invicti Standard, respectively.
- In the Security Checks > Security Check Groups select all checks you want to apply to your custom policy.
TIP: To learn more about working with the New Scan Policy in Invicti Standard, refer to the Creating a new scan policy in Invicti Standard document.
- Click Apply, then OK.
- Create a rule in your WAF, ISP, or other similar tool, to whitelist the specified custom header.
Confirming the custom header was recorded
- After the scan has finished, click on a vulnerability in the Issues window.
- In the Request window, click HTTP Request/Response and look for your custom header either in the Raw or Headers tab.
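As an added example (not Invicti's own code or output), the check below parses a raw request of the kind shown in the Raw tab and confirms that the X-Scanner header carries exactly the configured value; the sample request and its hostname are constructed.

```python
from typing import Dict, List

# Header pair used in this document's example; the constructed sample request
# below mimics what the Raw tab of HTTP Request/Response displays.
EXPECTED_NAME = "X-Scanner"
EXPECTED_VALUE = "Invicti Standard"

SAMPLE_RAW_REQUEST = (
    "GET /products?id=1 HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: constructed-client/1.0\r\n"
    "x-scanner: Invicti Standard\r\n"   # lower-cased name on purpose
    "Accept: */*\r\n"
    "\r\n"
)


def parse_headers(raw_request: str) -> Dict[str, List[str]]:
    """Return request headers keyed by lower-cased name.

    Header names are case-insensitive (RFC 7230), so both this check and
    the WAF rule must compare names without regard to case; values are kept
    verbatim and repeated headers are collected rather than overwritten.
    """
    head, _, _body = raw_request.partition("\r\n\r\n")
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def has_scanner_header(raw_request: str,
                       name: str = EXPECTED_NAME,
                       value: str = EXPECTED_VALUE) -> bool:
    """True only if the header is present with exactly the configured value.

    The allow-list rule should key on name and value together: a request
    carrying the header name with a different value is ordinary traffic.
    """
    return value in parse_headers(raw_request).get(name.lower(), [])


if __name__ == "__main__":
    print(has_scanner_header(SAMPLE_RAW_REQUEST))  # True
```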