Statistics

ZAP maintains statistics which can help you understand what is really happening when interacting with large applications.

The statistics are available via the API and can be also sent to a Statsd server when configured via the Options Statistics screen.

Site based statistics

Statistics maintained on a per site basis include:

  • response codes, eg:
    • stats.code.200
    • stats.code.302
  • response times in ms (using a logarithmic scale), eg:
    • stats.responseTime.1
    • stats.responseTime.2
    • stats.responseTime.4
    • stats.responseTime.8
    • stats.responseTime.16
  • content types, eg:
    • stats.contentType.text/css
    • stats.contentType.text/html;charset=utf-8
  • tags, eg:
    • stats.tag.Password
    • stats.tag.Hidden
  • anticsrf tokens generated:
    • stats.acsrf.anticsrf
  • authentication info:
    • stats.auth.success (number of authentication successes)
    • stats.auth.failure (number of authentication failures)
    • stats.auth.state.assumedin (number of messages between successful polls that are assumed to be logged in)
    • stats.auth.state.loggedin (number of messages that appear to be logged in)
    • stats.auth.state.loggedout (number of messages that appear to be logged out)
    • stats.auth.state.noindicator (number of messages where no logged in or out indicators have been set)
    • stats.auth.state.unknown (number of messages which don't contain either logged in or out indicators)

See also

UI Overview for an overview of the user interface
Features provided by ZAP