When you add a target, Probely will only scan pages under that target, i.e., it will not scan any pages from a different hostname.

If your target is a Single-Page App (SPA), this could be a problem. In a SPA, the web app is pretty much built in Javascript, and the server-side application is invoked via an API. Sometimes, this API sits under app.example.com/api, but it's very frequent to see the API on a dedicated host, such as api.example.com.

This is what the setting "Add Site to Target" is for. If you have an API residing on a different hostname, you can add it there. This way, our scanner will scan the API as well.

Technically speaking, what this option does, is:

  • Any XMLHttpRequest performed to a host added under this setting, is followed and scanned.

In order to add an extra host, just access your target's Settings page and locate the "Extra Hosts" tab:

Once you've done so, simply paste your API's host and click ADD.

Did this answer your question?