When you add a target, Probely will only scan pages under that target, i.e., it will not scan any pages from a different hostname.

If your target is a Single-Page App (SPA), this could be a problem. In a SPA, the web app is pretty much built in Javascript, and the server-side application is invoked via an API. Sometimes, this API sits under app.example.com/api, but it's very frequent to see the API on a dedicated host, such as api.example.com.

This is what the setting "Add extra hosts" is for.  If you have an api residing on a different hostname, you can add it there. This way, our scanner will scan the API as well.

Technically speaking, what this option does, is:

  • Any XMLHttpRequest performed to a host added under this setting, is followed and scanned.

Did this answer your question?