AWS Security ChangesHomeSearch

AWS securityagent documentation change

Service: securityagent · 2026-06-19 · Documentation low

File: securityagent/latest/userguide/perform-penetration-test.md

Summary

Added documentation for configuring custom HTTP headers during penetration tests, including steps to add/remove headers and default User-Agent behavior.

Security assessment

The change documents an optional configuration feature for penetration testing (a security activity) but shows no evidence of addressing a specific security vulnerability. It enhances security documentation by explaining header customization capabilities.

Diff

diff --git a/securityagent/latest/userguide/perform-penetration-test.md b/securityagent/latest/userguide/perform-penetration-test.md
index 4e877ced8..f2eb6908f 100644
--- a//securityagent/latest/userguide/perform-penetration-test.md
+++ b//securityagent/latest/userguide/perform-penetration-test.md
@@ -157,0 +158,23 @@ Add accessible domains for third-party services (such as Okta, Auth0, Stripe) th
+### Add custom HTTP headers (optional)
+
+Specify custom HTTP headers that will be added to any requests made by AWS Security Agent during penetration testing.
+
+  1. Locate the **Custom HTTP headers** section.
+
+  2. Click in the input field and enter a header name and value that will be associated with outbound requests.
+
+###### Note
+
+By default, AWS Security Agent will add a custom header for **User-Agent** set to **securityagent** unless a different custom **User-Agent** header value is specified.
+
+  3. To add multiple custom headers:
+
+    1. Click **Add header**.
+
+    2. Enter each additional custom header.
+
+  4. To remove a custom header, click **Remove** next to the header.
+
+
+
+