
Header (Basic Auth, Bearer Token, etc...)

HostedScan supports adding custom headers to the requests sent by the ZAP scanner. Use this feature to authenticate with Basic Auth, a Bearer Token, or other header-based authentication methods.

Steps to configure a request header

1. Add the request header to your HostedScan target

  • In your HostedScan account, edit the Target you are configuring for authenticated scanning.

    (Screenshot: Configure HostedScan target for authenticated scanning)
  • Configure the header key and value

    (Screenshot: Configure header on target)
  • Exclude logout URLs from the scan

    Ensure that the scanner does not log out during the scan by excluding the logout URL(s).

    (Screenshot: Exclude URLs from scan)

2. Run a scan!

  • Click the "New Scan" button
  • Select the OWASP ZAP Active Web Application Scan
  • Select your target
  • Continue through the scan options and click "Run Scan"
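
For the header key and value in step 1, the sketch below is an added example (not HostedScan code) that builds the pair for Basic Auth per RFC 7617 and for a Bearer Token per RFC 6750, rejecting input that would produce a malformed or multi-line header. The function names are hypothetical and the credentials are constructed samples.

```python
from __future__ import annotations

import base64
import re

# b64token grammar from RFC 6750 section 2.1: no spaces, CR or LF allowed.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def _reject_control_chars(field: str) -> None:
    # CR/LF or other control characters in a header value can split or corrupt it.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in field):
        raise ValueError("control characters are not allowed in credentials")


def basic_auth_header(user_id: str, password: str) -> tuple[str, str]:
    """Return the (key, value) pair for HTTP Basic Auth (RFC 7617)."""
    if ":" in user_id:
        # The server splits on the first colon, so a colon in the user-id
        # would shift part of it into the password.
        raise ValueError("user-id must not contain ':'")
    _reject_control_chars(user_id)
    _reject_control_chars(password)
    raw = f"{user_id}:{password}".encode("utf-8")
    return "Authorization", "Basic " + base64.b64encode(raw).decode("ascii")


def bearer_header(token: str) -> tuple[str, str]:
    """Return the (key, value) pair for a Bearer Token (RFC 6750)."""
    token = token.strip()  # copy/paste often drags in a trailing newline
    if not _B64TOKEN.fullmatch(token):
        raise ValueError("token contains characters outside the b64token grammar")
    return "Authorization", "Bearer " + token


if __name__ == "__main__":
    # Constructed sample credentials, not real secrets.
    for key, value in (
        basic_auth_header("Aladdin", "open sesame"),
        bearer_header("abc.def.ghi"),
    ):
        print(f"{key}: {value}")
```

The first element of each pair goes in the header key field and the second in the header value field.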