diff --git a/dejacode/settings.py b/dejacode/settings.py
index 952e011a..e7a2f0ad 100644
--- a/dejacode/settings.py
+++ b/dejacode/settings.py
@@ -722,6 +722,7 @@ def get_fake_redis_connection(config, use_strict_redis):
 
 # Default to 5 seconds.
 DEJACODE_INTEGRATION_REQUESTS_TIMEOUT = env.int("DEJACODE_INTEGRATION_REQUESTS_TIMEOUT", default=5)
+VULNERABLECODE_USER_AGENT = env.str("VULNERABLECODE_USER_AGENT", default="VCIO_API_AGENT")
 CREATE_DEPENDENCIES_DEFAULT = env.bool("CREATE_DEPENDENCIES_DEFAULT", default=True)
 
 if IS_TESTS:
diff --git a/dejacode_toolkit/vulnerablecode.py b/dejacode_toolkit/vulnerablecode.py
index 34980dcf..2fc56012 100644
--- a/dejacode_toolkit/vulnerablecode.py
+++ b/dejacode_toolkit/vulnerablecode.py
@@ -9,6 +9,7 @@
 from django.core.cache import caches
 
 from dejacode_toolkit import BaseService
+from dejacode_toolkit import get_settings
 from dejacode_toolkit import logger
 
 cache = caches["vulnerabilities"]
@@ -19,6 +20,12 @@ class VulnerableCode(BaseService):
     settings_prefix = "VULNERABLECODE"
     url_field_name = "vulnerablecode_url"
     api_key_field_name = "vulnerablecode_api_key"
+    user_agent = get_settings("VULNERABLECODE_USER_AGENT", default="VCIO_API_AGENT")
+
+    def get_session(self):
+        session = super().get_session()
+        session.headers.update({"User-Agent": self.user_agent})
+        return session
 
     def get_vulnerabilities(
         self,