HTTPS Content Available via HTTP

Type: Active Scan

Risk: Low

Description

Content which was initially accessed via HTTPS (i.e., using SSL/TLS encryption) is also accessible via HTTP (without encryption).

Solution

Ensure that your web server, application server, load balancer, etc. is configured to only serve such content via HTTPS. Consider implementing HTTP Strict Transport Security.
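
One way to verify the fix, as an added example that is not part of this alert page or the scanner's own code: given the responses for the same URL fetched over HTTP and over HTTPS, it reports whether content is still served in plaintext and whether the HTTPS response carries a valid HSTS policy. The function names, the `example.test` host and the sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # each directive may appear only once
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}

def check_transport(http_resp, https_resp):
    """Each argument is (status, headers) for the same URL over HTTP / HTTPS."""
    findings = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}
    if 200 <= status < 300:
        findings.append("content served over plain HTTP")
    elif status in (301, 302, 303, 307, 308):
        # A relative Location stays on HTTP, so only an absolute https URL passes.
        if urlsplit(headers.get("location", "")).scheme != "https":
            findings.append("HTTP redirect does not point to HTTPS")
    tls_headers = {k.lower(): v for k, v in https_resp[1].items()}
    hsts = parse_hsts(tls_headers.get("strict-transport-security", ""))
    if hsts is None:
        findings.append("no valid HSTS header on HTTPS response")
    elif hsts["max_age"] == 0:
        findings.append("HSTS max-age=0 disables the policy")
    return findings

# Constructed sample responses for https://example.test/account
WEAK = ((200, {"Content-Type": "text/html"}),
        (200, {"Content-Type": "text/html"}))
FIXED = ((301, {"Location": "https://example.test/account"}),
         (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))

if __name__ == "__main__":
    print("weak: ", check_transport(*WEAK))
    print("fixed:", check_transport(*FIXED))
```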

References

CWE: 311

WASC: 4

Code

Last updated: 2020-07-20 08:53:37.296Z