DAST

Setting the site scope

  • Last updated: April 7, 2026

When scanning a web app, the site scope defines which URLs you want to scan, and which you don't want to scan. Burp Scanner only visits URLs that are in scope.

Burp Suite DAST uses your Start URLs to define the scan scope automatically. You can refine the scope further by specifying URLs that are in scope, or out of scope.

Setting the scope to a domain

To scan everything under a domain, add the root domain as a start URL. For example, adding ginandjuice.shop/ scans everything under that domain.

Subdomains are not included by default. For example, admin.ginandjuice.shop is not in scope unless you add it as a separate start URL.

Setting the scope to a specific path

To restrict the scan to a directory, add a trailing slash to the URL. For example, adding ginandjuice.shop/catalog/ scans everything under /catalog/.

Note

If you omit the trailing slash, Burp Suite DAST scans the whole domain instead.

What happens when start URLs overlap

If your start URLs create overlapping scopes, the broadest scope takes precedence. For example, if you add both ginandjuice.shop/ and ginandjuice.shop/catalog/, the scope is set to ginandjuice.shop/.

Manually editing the scope

When you add a new web app site or edit an existing one, you can see the In-scope URL prefixes field being populated as you type the Start URLs. This helps you to see exactly how the scope is derived from your start URLs.

You can manually edit or add URL prefixes to modify your web app site's scope. For example, you can add URLs that are part of the same web application but not contained under the Start URLs.

You can also exclude URL prefixes that you don't want to scan. For example, you may want to exclude a section of your website that contains sensitive information.

Note

If you manually edit the In-scope URL prefixes, make sure that your Start URLs are included in this scope. If they're not, you won't be able to save the changes to your web app site.

To manually set the URL prefixes that are in scope:

  1. Add a new web app site, or edit an existing site.
  2. Under Site scope, select Detailed scope configuration.
  3. In the In-scope URL prefixes tab, select the Manually set in-scope prefixes tick box.
  4. Enter any additional addresses, or edit the existing ones.

To define URL prefixes that are out of scope:

  1. Add a new web app site, or edit an existing site.
  2. Under Site scope, select Detailed scope configuration.
  3. Select the Out-of-scope URL prefixes tab.
  4. Enter any addresses that you want to exclude from the site scope.
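
The scope rules on this page can be modelled in a short script to check a planned configuration before you enter it. This is an added example, not PortSwigger code or Burp Scanner's implementation: the function names are hypothetical, and it assumes that scheme and port are ignored, that prefixes match as plain strings, and that an out-of-scope prefix overrides an in-scope one.

```python
"""Model of the scope rules on this page (illustrative, not Burp's code)."""
from urllib.parse import urlsplit


def parse_prefix(url):
    """Split a URL or bare host/path into (host, path). Assumption: scheme and port are ignored."""
    u = urlsplit(url if "://" in url else "//" + url)
    return (u.hostname or "").lower(), u.path or "/"


def derive_prefix(start_url):
    """A trailing slash keeps the directory; without one the scope is the whole domain."""
    host, path = parse_prefix(start_url)
    return host, (path if path.endswith("/") else "/")


def covers(prefix, host, path):
    """Exact host match (a subdomain is a different host) plus string prefix match on the path."""
    return prefix[0] == host and path.startswith(prefix[1])


def derive_scope(start_urls):
    """Drop any prefix covered by a broader one, so the broadest scope wins."""
    prefixes = {derive_prefix(u) for u in start_urls}
    return sorted(p for p in prefixes
                  if not any(q != p and covers(q, *p) for q in prefixes))


def in_scope(url, in_prefixes, out_prefixes=()):
    """Assumption: an out-of-scope prefix overrides an in-scope one."""
    host, path = parse_prefix(url)
    if any(covers(p, host, path) for p in out_prefixes):
        return False
    return any(covers(p, host, path) for p in in_prefixes)


def uncovered_start_urls(start_urls, in_prefixes):
    """Start URLs missing from a manually edited in-scope list (the site would not save)."""
    return [u for u in start_urls if not in_scope(u, in_prefixes)]


if __name__ == "__main__":
    # Constructed configuration using the hostnames from the page; /account/ is a made-up exclusion.
    scope = derive_scope(["ginandjuice.shop/catalog/", "ginandjuice.shop/blog"])
    excluded = [parse_prefix("ginandjuice.shop/account/")]
    for url in ("https://ginandjuice.shop/catalog/item", "https://admin.ginandjuice.shop/",
                "https://ginandjuice.shop/account/orders"):
        print(url, in_scope(url, scope, excluded))
```

Running it shows how a single start URL without a trailing slash widens the scope to the whole domain, which is the case most likely to pull unintended paths into a scan.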
