This article is a part of our Web Security Knowledge Base

Why HTTPS Content Available via HTTP can be dangerous

This finding means that content initially accessed via HTTPS (i.e. with SSL/TLS encryption) is also accessible through HTTP (i.e. without encryption).

HTTP connections are considered insecure. Using them exposes users to attacks such as cookie hijacking or man-in-the-middle, which can then enable further attacks such as stealing the user's session or modifying the content exchanged between the service and the user.

How to fix HTTPS Content Available via HTTP

Ensure that the web server, application server, load balancer, etc. are configured to serve the secure content only via HTTPS.

Redirect all HTTP connections to HTTPS.

Disable any option that allows the browser to force the use of HTTP.

Consider implementing HTTP Strict Transport Security.

How does ScanRepeat report HTTPS Content Available via HTTP

ScanRepeat checks whether HTTPS content is also available through HTTP. It reports every occurrence of this vulnerability, providing both the HTTPS and the HTTP URLs.
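The fixes listed above can be verified from the outside by comparing the response to each HTTPS URL with the response to its http:// twin. The Python below is an added example, not ScanRepeat's code; the host shop.example, the finding labels and the sample responses are constructed for illustration, and collecting the responses is assumed to be done with a client that does not follow redirects.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def parse_hsts(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isdecimal():
            return int(arg)
    return None

def check_pair(https_url, http_resp, https_resp):
    """Return findings for one HTTPS URL and its http:// twin.

    Each response is (status, headers) with lower-case header names, taken
    from a client that does NOT follow redirects.
    """
    findings = []
    http_url = "http://" + https_url[len("https://"):]
    status, headers = http_resp
    if 200 <= status < 300:
        findings.append("content-served-over-http")
    elif status in REDIRECTS:
        # Resolve relative Location values against the HTTP URL first.
        target = urljoin(http_url, headers.get("location", ""))
        if urlsplit(target).scheme != "https":
            findings.append("redirect-stays-on-http")
    # HSTS only counts on the HTTPS response; browsers ignore it over HTTP.
    max_age = parse_hsts(https_resp[1].get("strict-transport-security", ""))
    if not max_age:
        findings.append("hsts-missing-or-disabled")
    return findings

# Constructed sample responses (hypothetical host shop.example).
SAMPLES = {
    "https://shop.example/account": (
        (200, {"content-type": "text/html"}),
        (200, {"content-type": "text/html"})),
    "https://shop.example/cart": (
        (302, {"location": "/login"}),
        (200, {"strict-transport-security": "max-age=0"})),
    "https://shop.example/pay": (
        (301, {"location": "https://shop.example/pay"}),
        (200, {"strict-transport-security": "max-age=31536000; includeSubDomains"})),
}

def scan(samples=SAMPLES):
    return {url: check_pair(url, *pair) for url, pair in samples.items()}

if __name__ == "__main__":
    for url, findings in scan().items():
        print(url, findings or "ok")
```

Only the last sample passes: its HTTP twin redirects to an https:// URL and the HTTPS response carries a non-zero HSTS max-age.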
