HTTPS Content Available via HTTP
- Risk:
Low
- Type:
- Active
- CWE:
- CWE-311
- Summary
Content which was initially accessed via HTTPS (i.e.: using SSL/TLS encryption) is also accessible via HTTP (without encryption).
- Solution
Ensure that your web server, application server, load balancer, etc. is configured to only serve such content via HTTPS. Consider implementing HTTP Strict Transport Security.
- Other info
- ZAP attempted to connect via: http://example.org/
Free security scan for your website