Skip to main content

Custom headers

Custom headers are additional HTTP headers included in every request the scanner sends to your target during a scan. Because they are set at the target level, they apply to all scans on that target. Common use cases include:

  • Authentication — pass tokens or session cookies the scanner needs to access protected pages (e.g. Authorization: Bearer eyJhbGci...)
  • Bypassing WAF or CDN blocks — mark scanner traffic as authorized to prevent it from being blocked (e.g. X-Scanner-Allowed: true)
  • Environment routing — direct requests to a specific environment or tenant (e.g. X-Tenant-ID: staging)
  • Required application headers — meet any header requirements your application enforces (e.g. X-API-Version: 2)

To configure custom headers:

  1. Select Inventory > Targets from the left-side menu.
  2. Locate the target you would like to amend, select the three-dot menu (⋮) > Edit target.
  3. Select Custom headers from the menu.
Custom headers menu in Target settings.
  1. Enter key and value pairs.
Custom headers key and value input fields.
  1. Click Save target configuration to confirm.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?