Several web applications customize their responses based on the headers in the HTTP request. By modifying HTTP header settings, you can test your web application for various scenarios, such as receiving a request from a certain device or a certain country.
HTTP Header Settings
- Protocol - Specifies the HTTP protocol used by your web application. The default value is HTTP/1.1. You can learn more about the different versions of the HTTP protocol here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP.
- User-Agent - Allows the server to identify the operating system and the software making the request. If your web application responds differently on different browsers or devices, you can use this field to request the different versions of your web application and test them. You can learn more about the User-Agent HTTP header here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent.
- Accept Header - Informs the server of the content types the client is able to understand. You can learn more about the Accept header here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept.
- Accept-Charset - Informs the server of the character set that the client is able to understand. You can learn more about the Accept-Charset header here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Charset.
- Accept-Language - Informs the server of the languages that the client is able to understand. If your web application is multi-lingual, you can test the web pages for different languages by modifying this field. You can learn more about the Accept-Language header here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Language.
- Extra Header - Specifies the headers required by your application, apart from the standard HTTP headers. For example, your REST API may require the inclusion of authentication keys in the header. Headers must be entered in the format name: value. Multiple headers should be written on separate lines.
- Accept Encoding - Informs the server of the content encoding the client is able to accept. You can learn more about the Accept-Encoding header here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding.
- Cookie - Specifies the HTTP cookies that are necessary to retrieve the desired state in your application. Cookies are written in the key=value format and separated by the semi-colon (
Lock Cookie Values for Duration of Scan
Web applications can modify the values of HTTP cookies based on their current state. If you select the Lock cookie values for duration of scan option, the value of your desired cookies will remain unchanged during the scan. You can select the Apply to all cookies option to lock the values of all the cookies, or apply this setting to specific cookies by adding them to the Cookie to lock text area. Cookies must be provided in the
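
The following is an added example, not code from the scanner or its vendor. It sketches how the Extra Header and Cookie fields described above can be parsed and validated, and what locking a cookie means when a response tries to change it. All function names and sample values are hypothetical and constructed for illustration.

```python
import re

# RFC 7230 "token": the characters allowed in a header field name.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_extra_headers(text):
    """Parse an Extra Header field: one 'name: value' pair per line."""
    headers = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        name, sep, value = line.partition(":")
        if not sep or not TOKEN.match(name):
            raise ValueError(f"line {lineno}: expected 'name: value'")
        headers.append((name, value.strip()))
    return headers

def parse_cookie_field(text):
    """Parse a Cookie field: 'key=value' pairs separated by semicolons."""
    jar = {}
    for pair in filter(str.strip, text.split(";")):
        key, sep, value = pair.strip().partition("=")
        if not sep or not key:
            raise ValueError(f"bad cookie pair: {pair!r}")
        jar[key] = value
    return jar

def apply_set_cookie(jar, set_cookie_values, locked=(), lock_all=False):
    """Return the jar after a response; locked cookies keep their value.
    Only the leading name=value of each Set-Cookie is used (assumption)."""
    updated = dict(jar)
    for header in set_cookie_values:
        name, _, value = header.split(";", 1)[0].strip().partition("=")
        if lock_all or name in locked:
            continue
        updated[name] = value
    return updated

def cookie_header(jar):
    return "; ".join(f"{k}={v}" for k, v in jar.items())

# Constructed sample values, not taken from any real application.
EXTRA = "X-Api-Key: constructed-key-123\nX-Tenant: demo\n"
COOKIES = "session=abc123; theme=dark"
SET_COOKIE = ["session=rotated999; Path=/; HttpOnly", "theme=light; Path=/"]

if __name__ == "__main__":
    jar = apply_set_cookie(parse_cookie_field(COOKIES), SET_COOKIE, locked={"session"})
    print(parse_extra_headers(EXTRA), cookie_header(jar))
```

With session locked, the next request still carries the original session value while theme follows the server's update.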