Details
Alert Id 10040
Alert Type Passive
Status release
Risk
CWE 311
WASC 4
Technologies Targeted All
Tags OWASP_2017_A06
OWASP_2021_A05
WSTG-V42-CRYP-03

Summary

The page includes mixed content, that is content accessed via HTTP instead of HTTPS.

Solution

A page that is available over SSL/TLS must be comprised completely of content which is transmitted over SSL/TLS. The page must not contain any content that is transmitted over unencrypted HTTP. This includes content from third party sites.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/MixedContentScanRule.java