- Available on Premium tier plans -

Setting custom headers

The OWASP ZAP scanner allows the configuration of arbitrary headers that get sent with each request. To set a header for the scanner, perform the following steps:

1. Once you've created your target, go to the targets screen and edit the target by clicking the pencil button on the target's row.

2. With the edit modal open, click on the Request Headers dropdown. Here you can enter any header key and value pair.

To set up Authorization headers, use the key Authorization, and make sure to set the strategy and encode the credentials according to the authentication strategy. For example, for Basic type authentication, the username and password pair is Base64-encoded.

For more information on Basic, see the Mozilla article Basic Authentication Scheme.

For other Authorization types, see the Mozilla article Authorization.

The Request Headers field supports any key and value conforming to the standard set of values supported for HTTP request headers. You may set up to 5 HTTP header keys. Common keys are X-API-KEY, X-Token, and Authorization, but you aren't limited to those.
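
The Basic encoding and the header limit described above, as an added example (not part of the original article or the product's own code): it builds the Authorization value for the Basic scheme and checks a header set before it is entered in the Request Headers field. The function names and sample values are assumptions made for illustration.

```python
import base64
import re

MAX_HEADERS = 5  # limit stated on this page
# Characters RFC 7230 allows in a header field name ("token")
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def basic_auth_value(username: str, password: str) -> str:
    """Build the value of an Authorization header for the Basic scheme."""
    # RFC 7617: the first colon separates user from password on decode,
    # so a colon inside the username would change what the server sees.
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def check_headers(headers: dict) -> list:
    """Return a list of problems; an empty list means the set looks valid."""
    problems = []
    if len(headers) > MAX_HEADERS:
        problems.append(f"{len(headers)} headers set, limit is {MAX_HEADERS}")
    for name, value in headers.items():
        if not TOKEN_RE.fullmatch(name):
            problems.append(f"invalid header name: {name!r}")
        if re.search(r"[\r\n\x00]", value):
            problems.append(f"control character in value of {name!r}")
        if name.lower() == "authorization" and value.startswith("Basic "):
            try:
                decoded = base64.b64decode(value[6:], validate=True).decode("utf-8")
            except ValueError:  # bad Base64 or not UTF-8
                problems.append("Basic credentials are not valid Base64")
                continue
            if ":" not in decoded:
                problems.append("Basic credentials lack the user:password colon")
    return problems


if __name__ == "__main__":
    # Constructed sample: the example credentials from RFC 7617, not real ones.
    headers = {
        "Authorization": basic_auth_value("Aladdin", "open sesame"),
        "X-API-KEY": "example-key-value",
    }
    for name, value in headers.items():
        print(f"{name}: {value}")
    print("problems:", check_headers(headers) or "none")
```

Base64 is an encoding, not encryption, so treat the resulting header value as the credential itself when storing or sharing the target configuration.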

 

Setting custom cookies

The OWASP ZAP scanner allows the configuration of arbitrary cookies that get sent with each request. To set a cookie for the scanner, perform the following steps:

1. Once you've created your target, go to the targets screen and edit the target by clicking the pencil button on the target's row.

2. With the edit modal open, click on the Request Cookies dropdown. Here you can enter any cookie key and value pair.

Enter your desired values for the cookie's Name, Value, Domain, and Path, and select your settings for the SameSite and Secure attributes.