HTTP to HTTPS Redirect Not Enabled

Medium Web Application Scanning Plugin ID 112544


HTTP to HTTPS Redirect Not Enabled


HTTPS is enabled on the website however HTTP requests are not redirected to HTTPS. Communications are not encrypted if users doesn't explicitly access to HTTPS version of the website.


Enable HTTP to HTTPS redirect for all requests. Besides redirects if HTTP Strict Transport Security (HSTS) is not implemented it's highly recommended to enable it.

See Also

Plugin Details

Severity: Medium

ID: 112544

Type: remote

Family: SSL/TLS

Published: 2019/02/12

Updated: 2019/02/12

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Reference Information

WASC: Insufficient Transport Layer Protection

OWASP: 2010-A9, 2013-A6, 2017-A3