HostedScan’s default settings include all subdomains discovered in the ZAP scan. For example, when scanning both and would be included in the scan. However, in some cases there is noise from including all the subdomains, especially if some properties are outside of the user’s control. For example, if a blog is hosted by a third-party vendor.

With HostedScan, you can fully customize the scope of the scan to precisely control which domains, subdomains, and URLs are included in the scan. Follow the steps below:

1. On - click to edit the desired target

2. Click to expand the relevant OWASP ZAP Crawler Setting:

3. Make changes to the desired settings and click "Submit"

4. Run a new scan for the target