Remove via-scanner DAST header as it can cause authentication to fail
Problem to solve
Via-Scanner header added as part of #327564 (closed) can DAST authentication to fail when scanning a website that accesses external domains. This occurs when the browser rejects the request due to violation of a CORS policy.
Error in browser console
Access to XMLHttpRequest at '[url with external domain]' from origin '[current url]' has been blocked by CORS policy: Request header field via-scanner is not allowed by Access-Control-Allow-Headers in preflight response.
Via-Scanner header should be optionally added using the CI/CD variable
What is the type of buyer?
Reported by Ultimate customer in this internal ticket