Scanfully supports custom request headers on a per-site basis. This lets Scanfully include a custom header, such as a token, with every request it makes to that site.
This is useful for sites behind a WAF, reverse proxy, or other protected setup where requests should only be accepted when a specific header is present. Instead of relying on a fixed IP or only matching the user agent, you can configure your site or firewall to allow requests that include the custom header value you define in Scanfully.
To use this feature, open the site settings page for the website you want to configure. Find the request headers section, add the header name and value you want Scanfully to send, then save your changes.
After that, Scanfully will include those headers in its HTTP requests for that site.
A common example is adding a custom token header and configuring the WAF to allow traffic only when that token is present. This gives you a more controlled way to allow Scanfully access to protected environments.
FAQ
What problem does this solve?
It helps Scanfully access sites that are protected by a WAF or another security layer that requires a custom header.
Is this the same as IP whitelisting?
No. This is a different approach. Instead of allowing traffic based on a source IP, you allow traffic based on a header and value you define.
Can I use any header name?
That depends on your own site or firewall rules. Scanfully sends the header you configure. Your infrastructure decides how to validate it.
