Mixed Resource Detection
Medium Web Application Scanning Plugin ID 98091
SynopsisMixed Resource Detection
DescriptionScanner discovered that the affected site is utilising both HTTP and HTTPS. While the HTML code is served over HTTPS, the server is also serving resources over an unencrypted channel, which can lead to the compromise of data, while providing a false sense of security to the user.
SolutionAll pages and/or resources on the affected site should be secured equally, utilising the latest and most secure encryption protocols. These include SSL version 3.0 and TLS version 1.2.
While TLS 1.2 is the latest and the most preferred protocol, not all browsers will support this encryption method. Therefore, the more common SSL is included. Older protocols such as SSL version 2, and weak ciphers (< 128 bit) should also be disabled.