Details
Alert Id: 10047
Alert Type: Active Scan Rule
Status: beta
Risk: Low
CWE: 311
WASC: 4

Summary

Content that was initially accessed via HTTPS (i.e., using SSL/TLS encryption) is also accessible via HTTP (without encryption).

Solution

Ensure that your web server, application server, load balancer, etc. are configured to serve such content only via HTTPS. Consider implementing HTTP Strict Transport Security (HSTS).
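The following is an added example, not code from ZAP or from the scan rule listed under Code: a small Python check for verifying the fix on a server you operate. It maps an HTTPS URL to its plain-HTTP equivalent, classifies the response, and reads the HSTS `max-age` from the HTTPS response headers. The function names, the 443-to-80 port mapping, and the `app.example.test` sample responses are assumptions constructed for illustration.

```python
import http.client
import re
from urllib.parse import urlsplit

def http_equivalent(https_url):
    """Map an https:// URL to (host, port, target) for the plain-HTTP request."""
    p = urlsplit(https_url)
    if p.scheme != "https" or not p.hostname:
        raise ValueError("expected an https:// URL")
    port = 80 if p.port in (None, 443) else p.port  # assumption: 443 maps to 80
    target = (p.path or "/") + (f"?{p.query}" if p.query else "")
    return p.hostname, port, target

def classify(status, headers):
    """Judge the plain-HTTP response; headers is a list of (name, value) pairs."""
    location = {k.lower(): v for k, v in headers}.get("location", "")
    if 300 <= status < 400:
        to_https = location.lower().startswith("https://")
        return "redirects-to-https" if to_https else "review-redirect"
    return "served-over-http" if 200 <= status < 300 else "not-served"

def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security (HTTPS response), or None."""
    value = {k.lower(): v for k, v in headers}.get("strict-transport-security", "")
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        match = re.fullmatch(r'"?([0-9]+)"?', arg.strip())
        if name.strip().lower() == "max-age" and match:
            return int(match.group(1))
    return None

def probe(https_url, timeout=5):
    """Live check of one URL; redirects are reported, not followed."""
    host, port, target = http_equivalent(https_url)
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", target)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheaders())
    finally:
        conn.close()

# Constructed sample responses to the plain-HTTP request (not real captures).
SAMPLES = {
    "weak": (200, [("Content-Type", "text/html")]),
    "fixed": (301, [("Location", "https://app.example.test/account")]),
}
```

A `served-over-http` result corresponds to the condition this alert describes; `review-redirect` marks a redirect that does not lead to an `https://` URL and needs a manual look.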

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/HttpsAsHttpScanRule.java