Details
Alert Id 10106
Alert Type Active
Status beta
Risk Medium
CWE 311
WASC 4
Technologies Targeted All
Tags OWASP_2017_A06
OWASP_2021_A05
WSTG-V42-SESS-02

Summary

The site is only served under HTTP and not HTTPS.

Solution

Configure your web or application server to use SSL (https).

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/HttpOnlySiteScanRule.java