ah8r / csrf

CSRF Scanner Extension for Burp Suite Pro
GNU General Public License v3.0

Feature request: allow user to specify which response content-types should be scanned #6

Open starbuck3000 opened 7 years ago

starbuck3000 commented 7 years ago

This would look like the Anti-csrf tokens listbox: the goal is to allow the user to specify content-types that should be ignored (or retained) by the scanner. Typically this is wanted when we want to stop reporting issues on JSON responses, images, stylesheets, etc.

ah8r commented 7 years ago

I like this idea, but I think it would be better to have a more generic blacklist ability.

For instance, you could add rules for detecting strings / regex in certain locations and blacklisting those requests / responses from the scan. Examples:

Match "Content-Type: image/jpeg" in Response Headers

Match "/images/.*.jpe?g" in Request Headers

This makes it more flexible for users who don't just want to blacklist based on Content-Type, but maybe other headers or even parts of the URL.
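The rule-based blacklist sketched in the comment above, as an added Python example that is not part of the csrf extension's own code. The rule locations, the `should_skip_scan` / `scan_decisions` helpers and the sample request/response pairs are my own assumptions, chosen so that the two rules quoted above plus a JSON rule can be exercised together.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# A rule is a regex plus the location it is checked against. Locations assumed here:
# "request_headers" (request line + headers), "response_headers" (status line +
# headers) and "request_url". MULTILINE lets "^Content-Type: ..." anchor to a header line.
@dataclass
class BlacklistRule:
    pattern: str
    location: str

    def matches(self, request: Dict, response: Dict) -> bool:
        if self.location == "request_headers":
            haystack = "\r\n".join([request["request_line"]] + request["headers"])
        elif self.location == "response_headers":
            haystack = "\r\n".join([response["status_line"]] + response["headers"])
        elif self.location == "request_url":
            haystack = request["url"]
        else:
            raise ValueError(f"unknown rule location: {self.location}")
        return re.search(self.pattern, haystack, re.IGNORECASE | re.MULTILINE) is not None


def should_skip_scan(rules: List[BlacklistRule], request: Dict, response: Dict) -> bool:
    """True when any blacklist rule matches, i.e. the pair is excluded from the CSRF scan."""
    return any(rule.matches(request, response) for rule in rules)


# The two rules from the comment above, plus a JSON rule for the original request.
RULES = [
    BlacklistRule(r"^Content-Type: image/jpeg", "response_headers"),
    BlacklistRule(r"/images/.*\.jpe?g", "request_headers"),
    BlacklistRule(r"^Content-Type: application/json", "response_headers"),
]

# Constructed sample traffic (not real captures): name -> (request, response).
SAMPLE_TRAFFIC: Dict[str, Tuple[Dict, Dict]] = {
    "json_api": ({"url": "https://app.example/api/user", "request_line": "GET /api/user HTTP/1.1",
                  "headers": ["Host: app.example", "Cookie: session=abc"]},
                 {"status_line": "HTTP/1.1 200 OK",
                  "headers": ["Content-Type: application/json; charset=utf-8"]}),
    "logo_image": ({"url": "https://app.example/images/logo.jpg",
                    "request_line": "GET /images/logo.jpg HTTP/1.1", "headers": ["Host: app.example"]},
                   {"status_line": "HTTP/1.1 200 OK", "headers": ["Content-Type: image/jpeg"]}),
    "profile_form": ({"url": "https://app.example/profile/update",
                      "request_line": "POST /profile/update HTTP/1.1",
                      "headers": ["Host: app.example", "Cookie: session=abc"]},
                     {"status_line": "HTTP/1.1 200 OK", "headers": ["Content-Type: text/html"]}),
}


def scan_decisions(rules=RULES, traffic=SAMPLE_TRAFFIC) -> Dict[str, str]:
    """Apply the blacklist to every sample pair; only 'scan' entries reach the CSRF checks."""
    return {name: ("skip" if should_skip_scan(rules, req, resp) else "scan")
            for name, (req, resp) in traffic.items()}
```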