Custom Header tab

The Custom Headers tab of Parameters and Cookies view in the Configuration dialog box.

About this task

The third tab of Explore: Parameters and Cookies view lets you define non-standard (custom) HTTP header formats. AppScan® must be able to identify parameters in response content and correctly add them to headers it sends to the site, in order to be able to test the site effectively. It attempts to recognize custom headers automatically, but you can use this tab to add and modify the definitions. You can also activate or deactivate existing definitions (when deactivated the definition is saved with the scan but not used).

Procedure

To create new definition, click

; to modify an existing definition, select the header in the table and click

The Add/Edit Custom Header dialog box opens. Its fields and options are described in the table following.


Setting	Description
Select header...	If requests have been recorded, and AppScan has identified a custom header, it will appear in a drop-down list at the top of the dialog box. If no custom headers have been found, this drop-down list does not appear. If you select a header from this list, the remaining fields are filled automatically.
Header Name	The HTTP header name.
Track Type
Login/Dynamic/Fixed	Login Value: (Default, and Recommended) Requests sent to the application that include this header use the value of the header received at the end of the login process. Dynamic Value: Requests sent to the application that include this header use the most recent value received from the application. Fixed Value: Requests sent to the application that include this header always use the value that you enter in the Value field.
Value	(Fixed only) Enter the value.
Format	(Dynamic only) Define the format of the full header, with one or more groups for the dynamic values, starting with `{0}` for the first group, `{1}` for the next, and so on.
Regular expression	(Dynamic only) Regexp defining the values in the site's response. Must include a group for each value defined in the Format field.
Regular expression review pane	(Dynamic only) Click to expand. Use this pane to validate your regexp. Enter the full response in the upper field, and the lower field will display groups identified, and their values.
Header Validation	Indicates whether or not the header definition has been successfully validated for use when scanning.

Results

When you add a custom header definition, it appears in the Custom Headers list, and the check box next to it is selected, indicating that the definition is activated. Deactivated entries are saved with the scan but not used.