HOME / SUPPORT / Adding a custom header to your scans in Acunetix 360

Add a custom header to scans

Adding a custom ”Header:Value” pair to your scans allows you to whitelist Acunetix 360 in your web application firewalls and other similar protectıon mechanisms. These mechanisms can block Acunetix 360’s HTTP requests, resulting in inconsistent web security scan results.

This document explains how to add a custom header to your scans and to a custom scan policy in Acunetix 360.

There are two ways to add a custom header:

Option A: How to add a custom header to a scan

To add a custom header to a scan follow these steps:

  • Select Scans > New Scan from the left-side menu.
  • Fill in the Target URL field.
  • In the Authentication section select Header Authentication.

  • Select the Enabled checkbox to enable header authorization.

  • Click the New Authentication Header button to show the Name and Value fields. Fill in the fields (in the example X-Scanner is used for the name).

  • Optionally, you can click Save on the bottom of the page to save these settings as a new profile.

TIP:

For more information on profiles, refer to the Overview of Scan Profiles document.

  • Click Launch to start the scan.

Option B: How to add a custom header to a scan policy

  • Select Policies > New Scan Policy from the left-side menu.
  • Fill in the Name field and optionally the Description field.

  • In the Options section select Headers to open the headers’ options.

  • Click New to add a new blank row for your custom header.
  • Fill in the Name and Value fields. In the example we used “X-Scanner and “Acunetixaccordingly.

  • Click Save at the bottom of the page.
  • Before running the new scan, select your custom Scan Policy from the dropdown. In the example we used the Custom Header scan policy.

TIP:

For more information on launching a new scan, refer to the Creating a New Scan document.

IMPORTANT:

After configuring the scan or the scan policy as explained above, create a rule in your WAF, IPS or other similar tool to allow your custom Header:Value request.

Confirming the custom header was recorded

  • After the scan is finished, navigate to the Technical Report section and click any of the Issues found to display details.
  • Click on the Request/Response tab on the right-hand side.
  • Look for your custom header (in the example we used X-Scanner) in the Request section.
  • If it is present, the custom header is recorded.

 

« Back to the Acunetix Support Page