This article is a part of our Web Security Knowledge Base (back to index)
Why HTTPS Content Available via HTTP can be dangerous
It means that the content which is accessible through HTTPS URLs can also be accessed through insecure HTTP URLs. It can result in the appearance of mixed content pages, that is HTTPS page that includes some insecure HTTP resources.
HTTP connections are considered insecure. Using those may lead to many attacks like cookie hijacking or man in the middle and then performing further attacks such as stealing user session or modifying the content shared between the service and the user.
How to fix HTTPS Content Available via HTTP
Make sure you enable HTTPS on your server.
Make sure to redirect all requests from HTTP to HTTPS site wide.
Disable option of enforcing HTTP by web browser.
Ensure that the web server, application server, load balancer etc. are configured to serve the secure content only via HTTPS.
Consider implementing HTTP Strict Transport Security.
How does ScanRepeat report HTTPS Content Available via HTTP
ScanRepeat checks whether HTTPS content is also available through HTTP. It reports every occurrence of such a vulnerability providing both HTTPS and HTTP URLs.
Would you like to test your application now against this problem? Sign up for our free trialScan Your Web App Now