Custom Headers
Overview
Custom headers allow you to configure HTTP headers that are automatically included with every request during penetration testing. This is essential for authentication and useful for tracking Pensar’s requests in your network logs.
Use Cases
Add API keys, bearer tokens, or custom auth headers to access protected endpoints.
Include identifiers to filter and monitor Pensar’s requests in your logs and monitoring tools.
Add headers required by your infrastructure for routing to specific environments or backends.
Include headers that enable specific features or test configurations in your application.
Configuring Custom Headers
Common Examples
Authentication Headers
Request Tracking
Add a custom header to identify Pensar’s requests in your logs:
This makes it easy to:
- Filter Pensar’s requests in your log aggregation tools
- Exclude test traffic from analytics
- Monitor scan activity in real-time
- Correlate findings with specific requests
How It Works
Custom headers are merged with the default headers for every HTTP request the agent makes:
- Your custom headers are loaded when the scan starts
- Each
http_requesttool call includes your headers automatically - Command-line tools (curl, etc.) also include the headers when applicable
Custom headers are applied in addition to the default User-Agent: pensar-apex header. If you specify a custom User-Agent, it will override the default.
