Mixed Content
Description
The target application was found to request resources over insecure transport protocols (HTTP). This is usually due to HTML
elements which load resources using the http://
scheme instead of https://
. It should be noted that most modern browsers
block these requests automatically so there is limited risk.
Some parts of the application may not behave correctly since these files are not being properly loaded.
Remediation
Ensure all HTML elements which load resources from a URL (JavaScript, stylesheets, images, video and other media) are set to
use the https://
scheme instead of http://
. Alternatively, developers may use the //
scheme, which will only load resources
over the same protocol that the originating page was loaded.
A browser visiting the website https://example.com
with the HTML loading a file using
<script src="/docs//example.com/cdn/bundle.js"></script>
, would ensure the example.com/cdn/bundle.js
file was loaded over
HTTPS.
Details
ID | Aggregated | CWE | Type | Risk |
---|---|---|---|---|
319.1 | true | 319 | Passive | Info |