HTTPS to HTTP Insecure Transition in Form Post

Why it can be dangerous and how to fix it

This article is a part of our Web Security Knowledge Base (back to index)

Why “HTTPS to HTTP Insecure Transition in Form Post” can be dangerous

The insecure HTTP website is an easy target to be hijacked through man-in-the-middle attack making it possible for the secure HTTPS forms to be replaced or spoofed by the attacker. This could lead to disclosure of users' sensitive data which they provide to be sent with secure forms. It can result in credential leakage providing an opportunity for eavesdroppers to perform unauthorised actions.

How to fix “HTTPS to HTTP Insecure Transition in Form Post”

Use HTTPS for pages which host secure forms.

How does ScanRepeat report “HTTPS to HTTP Insecure Transition in Form Post”

ScanRepeat looks for insecure HTTP pages which host HTTPS forms. It reports every occurrence of such a vulnerability, providing the URL of the insecure page and points to the evidence which is the HTML form element.

Would you like to test your application now against this problem? Sign up for our free trial

Scan Your Web App Now
Scan your application
for 14 days for free

No credit card is required. No commitment.

Sign Up Free