psiinon edited this page Jun 3, 2016 · 1 revision


ZAP maintains statistics which can help you understand what is really happening when interacting with large applications.

The statistics are available via the API and can be also sent to a Statsd server when configured via the Options Statistics screen.

Site based statistics

Statistics maintained on a per site basis include:

  • response codes, eg:

    • stats.code.200
    • stats.code.302
  • response times in ms (using a logarithmic scale), eg:

    • stats.responseTime.1
    • stats.responseTime.2
    • stats.responseTime.4
    • stats.responseTime.8
    • stats.responseTime.16
  • content types, eg:

    • stats.contentType.text/css
    • stats.contentType.text/html;charset=utf-8
  • tags, eg:

    • stats.tag.Password
    • stats.tag.Hidden
  • anticsrf tokens generated:

    • stats.acsrf.anticsrf
  • authentication info:

    • stats.auth.success (number of authentication successes)
    • stats.auth.failure (number of authentication failures)
    • stats.auth.state.loggedin (number of responses that appear to be logged in)
    • stats.auth.state.loggedout (number of responses that appear to be logged out)
    • stats.auth.state.noindicator (number of responses where no logged in or out indicators have been set)
    • stats.auth.state.unknown (number of responses which don't contain either logged in or out indicators)

See also

     UI Overview for an overview of the user interface
     Features provided by ZAP
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.