Asset Verification
Before Detectify can scan your assets, you must verify that you own or control them. Verification prevents unauthorized scanning and ensures that only legitimate asset owners can run security assessments.
Why Verification Is Required
Detectify actively tests your applications for vulnerabilities by sending real requests and payloads. Verifying ownership ensures you have the authority to perform these tests and protects third parties from unauthorized scanning.
Each root domain you add must be verified independently. Subdomains under a verified root domain are automatically covered by the parent verification.
Verification Methods
Detectify supports several methods for proving domain ownership. Choose the one that best fits your workflow.
DNS TXT Record
This is the most common verification method. You add a TXT record to your domain’s DNS configuration.
- Go to Assets and select the domain you want to verify.
- Click Verify and choose DNS TXT Record.
- Copy the verification value provided (for example,
detectify-verification=abc123def456). - Log in to your DNS provider and add a new TXT record for your domain with the copied value.
- Return to Detectify and click Verify.
DNS propagation can take up to 24 hours, though most changes take effect within minutes. Detectify periodically checks for the record, so verification may complete automatically.
File Upload
Place a verification file on your web server at a specific path.
- Go to Assets and select the domain you want to verify.
- Click Verify and choose File Upload.
- Download the verification file provided by Detectify.
- Upload the file to your web server so it is accessible at
https://yourdomain.com/.well-known/detectify-verification. - Return to Detectify and click Verify.
The file must be accessible over HTTPS and return a 200 status code.
Meta Tag
Add a verification meta tag to the HTML of your domain’s homepage.
- Go to Assets and select the domain you want to verify.
- Click Verify and choose Meta Tag.
- Copy the provided meta tag (for example,
<meta name="detectify-verification" content="abc123def456" />). - Add the tag inside the
<head>section of your homepage HTML. - Return to Detectify and click Verify.
This method works well if you have direct access to your site’s HTML but limited access to DNS or server configuration.
Verification for IP Addresses
IP address assets follow a separate verification process. When you add an IP, Detectify prompts you to confirm ownership through one of the supported methods available for IPs in your account settings.
Keeping Verification Active
Verification is checked periodically. Do not remove your DNS TXT record, verification file, or meta tag after verification succeeds. If Detectify can no longer find the verification proof during a recheck, the asset may become unverified and scanning will pause until verification is restored.
Troubleshooting
| Issue | Solution |
|---|---|
| DNS TXT record not detected | Wait up to 24 hours for DNS propagation. Confirm the record is set on the correct domain (not a subdomain). |
| File upload returns 404 | Verify the file path is exactly /.well-known/detectify-verification. Check that your server is not redirecting the request. |
| Meta tag not found | Ensure the tag is inside <head>, not <body>. Confirm the page is accessible over HTTPS without authentication. |
Next Steps
Once your assets are verified, you can connect cloud providers to automatically sync new assets, or go directly to running your first scan.