HTTP Only Site

Risk:
Medium

Type:
Active

CWE:
311

Summary: The site is only served under HTTP and not HTTPS.

Solution: Configure your web or application server to use SSL (https).

Other info: There was no automatic redirection. ZAP attempted to connect via: https://example.com

References

https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html

https://letsencrypt.org/