Scan Settings: Cookies/Headers

To access this feature, click the Edit menu and select Default Scan Settings or Current Scan Settings. Then, in the Scan Settings category, select Cookies/Headers.

Standard Header Parameters

The options in this section are described in the following table.

Option | Description
Include 'referer' in HTTP request headers | Select this check box to include referer headers in Fortify WebInspect HTTP requests. The Referer request-header field allows the client to specify, for the server's benefit, the address (URI) of the resource from which the Request-URI was obtained.
Include 'host' in HTTP request headers | Select this check box to include host headers with Fortify WebInspect HTTP requests. The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI given by the user or referring resource (generally an HTTP URL).

Append Custom Headers

Use this section to add, edit, or delete headers that will be included with each audit Fortify WebInspect performs. For example, you could add a header such as "Alert: You are being attacked by Consultant ABC" that would be included with every request sent to your company's server when Fortify WebInspect is auditing that site. You can add multiple custom headers.

The default custom headers are described in the following table.

Header | Description
Accept: */* | Any encoding or file type is acceptable to the crawler.
Pragma: no-cache | This forces a fresh response; cached or proxied data is not acceptable.

Adding a Custom Header

To add a custom header:

  1. Click Add.

    The Specify Custom Header window opens.

  2. In the Custom Header box, enter the header using the format <name>: <value>.

  3. Click OK.

Append Custom Cookies

Use this section to specify data that will be sent with the Cookie header in HTTP requests sent by Fortify WebInspect to the server when conducting a vulnerability scan.

The default custom cookie used to flag the scan traffic is:

  CustomCookie=WebInspect;path=/

Adding a Custom Cookie

To add a custom cookie:

  1. Click Add.

    The Specify Custom Cookie window opens.

  2. In the Custom Cookie box, enter the cookie using the format <name>=<value>.

    For example, if you enter

      CustomCookie=ScanEngine

    then each HTTP request will contain the following header:

      Cookie: CustomCookie=ScanEngine

  3. Click OK.
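
Because the custom cookie and any appended header flag scan traffic, a log pipeline on the receiving side can use them to separate an authorized scan from other requests. The following Python is an added example, not part of the Fortify WebInspect documentation; the scanner source range, the sample requests and the function names are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumptions (not from the WebInspect documentation): the scanner's source
# range below is a constructed value. The markers are the ones shown on this page.
SCANNER_NETS = [ip_network("10.20.30.0/28")]
MARKER_COOKIE = ("CustomCookie", "WebInspect")
MARKER_HEADER = ("Alert", "You are being attacked by Consultant ABC")

def parse_request(raw):
    """Return (headers, cookies) from a raw HTTP request; header names lowercased."""
    headers, cookies = {}, {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:
            break                           # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    for cookie_header in headers.get("cookie", []):
        for pair in cookie_header.split(";"):
            key, sep, val = pair.strip().partition("=")
            if sep:
                cookies[key] = val          # a trailing "path=/" lands here too
    return headers, cookies

def classify(src_ip, raw):
    """Label a request using the scan marker and the source address together."""
    headers, cookies = parse_request(raw)
    marked = (cookies.get(MARKER_COOKIE[0]) == MARKER_COOKIE[1]
              or MARKER_HEADER[1] in headers.get(MARKER_HEADER[0].lower(), []))
    from_scanner = any(ip_address(src_ip) in net for net in SCANNER_NETS)
    if marked and from_scanner:
        return "authorized-scan"
    if marked:
        return "marker-from-unknown-source"  # marker is client-supplied, so spoofable
    if from_scanner:
        return "scanner-ip-unmarked"         # scan settings may have been changed
    return "normal"

# Constructed sample requests (not captured traffic)
SCAN = ("GET /login HTTP/1.1\r\nHost: app.example.test\r\nAccept: */*\r\nPragma: no-cache\r\n"
        "Cookie: JSESSIONID=abc; CustomCookie=WebInspect;path=/\r\n\r\n")
SPOOF = ("GET /admin HTTP/1.1\r\nHost: app.example.test\r\n"
         "cookie: CustomCookie=WebInspect\r\n\r\n")
PLAIN = "GET / HTTP/1.1\r\nHost: app.example.test\r\nCookie: JSESSIONID=xyz\r\n\r\n"

if __name__ == "__main__":
    for ip, req in [("10.20.30.5", SCAN), ("203.0.113.9", SPOOF), ("203.0.113.9", PLAIN)]:
        print(ip, classify(ip, req))
```
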

See Also

Scan Settings: Allowed Hosts

Scan Settings: Authentication

Scan Settings: Custom Parameters

Scan Settings: File Not Found

Scan Settings: Filters

Scan Settings: General

Scan Settings: HTTP Parsing

Scan Settings: JavaScript

Scan Settings: Method

Scan Settings: Policy

Scan Settings: Proxy

Scan Settings: Requestor

Scan Settings: Session Exclusions

Scan Settings: User Agent