HTTPS to HTTP Insecure Transition in Form Post

Risk:
Medium

Type:
Passive

CWE:
CWE-319

Summary: This check identifies secure HTTPS pages that host insecure HTTP forms. The issue is that a secure page is transitioning to an insecure page when data is uploaded through a form. The user may think they’re submitting data to a secure page when in fact they are not.

Solution: Ensure sensitive data is only sent over secured HTTPS channels.

Other info: The response to the following request over HTTPS included an HTTP form tag action attribute value: https://example.com The context was: <form name="someform" action="http://example.com/processform">

Free security scan for your website

Don't show website scan report rating on the leaderboard