logo

HTTPS to HTTP Insecure Transition in Form Post

  • Risk:
  • Medium

  • Type:
  • Passive
Summary

This check identifies secure HTTPS pages that host insecure HTTP forms. The issue is that a secure page is transitioning to an insecure page when data is uploaded through a form. The user may think they’re submitting data to a secure page when in fact they are not.

Solution

Ensure sensitive data is only sent over secured HTTPS channels.

Other info
The response to the following request over HTTPS included an HTTP form tag action attribute value: https://example.com The context was: <form name="someform" action="http://example.com/processform">

Free security scan for your website