aixlabDocs

Enforce HTTPS

Static pages are susceptible to man-in-the-middle attacks, where an intermediary can secretly intercept, read, and modify browser requests or server responses on an unencrypted site.

The threat actor can inject forms, chat responses, or malicious scripts into the exchanges between a site and a user and leverage these methods for phishing, injecting malware, accessing remote file systems, and collecting cookie information.

HTTPS protects the user by encrypting all the traffic in their exchanges with the site, rendering it unreadable to intermediaries.

Resolving the issue type "Site does not enforce HTTPS" means deploying HTTPS with a TLS certificate. We require a server-side HTTP 301 (permanent) redirect from the plain-HTTP endpoint to the HTTPS endpoint.


The redirect from HTTP to HTTPS must stay on the same host (for example http://docs.example.com/ to https://docs.example.com/); otherwise HSTS cannot be validated against the central preload list.
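The following is an added example, not part of the original documentation, that turns the requirements above into a check a site owner can run: the plain-HTTP endpoint must answer 301, the Location target must use https and must point at the same host, and the HTTPS response should carry a Strict-Transport-Security header. The response object, the host names (docs.example.com, www.example.com) and the `fetch_plain_http` helper are assumptions made for the example; the sample responses are constructed so the check runs offline.

```python
"""Verify the HTTP-to-HTTPS redirect rule: 301, https://, same host, HSTS present.

Added example (not the page's own code). Responses are modelled as a small
dataclass so the checks can run on constructed samples; fetch_plain_http is a
hypothetical helper built only on urllib for checking a live endpoint.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit
import urllib.error
import urllib.request


@dataclass
class HttpResponse:
    status: int
    headers: dict = field(default_factory=dict)

    def header(self, name):
        """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def check_https_enforcement(request_url, response):
    """Return a list of findings for a plain-HTTP request and the server's answer.

    An empty list means the redirect satisfies the rule: HTTP 301 to an https://
    URL on the same host as the original request.
    """
    findings = []
    req = urlsplit(request_url)
    if req.scheme != "http":
        return ["check must be run against the http:// URL of the site"]
    if response.status != 301:
        findings.append(f"expected HTTP 301, got {response.status}")
    location = response.header("Location")
    if location is None:
        findings.append("no Location header: no redirect to HTTPS")
        return findings
    target = urlsplit(location)
    if target.scheme != "https":
        findings.append(f"redirect target is not https: {location}")
    if target.hostname != req.hostname:
        findings.append(
            f"redirect leaves the host ({req.hostname} -> {target.hostname}); "
            "HSTS cannot be validated for the original host")
    return findings


def hsts_max_age(response):
    """Return the max-age (seconds) of the Strict-Transport-Security header, or None."""
    value = response.header("Strict-Transport-Security")
    if value is None:
        return None
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.lower() == "max-age" and val.strip().isdigit():
            return int(val.strip())
    return None


def fetch_plain_http(url, timeout=10):
    """Hypothetical helper: fetch a URL once, without following redirects."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # urllib then raises HTTPError carrying the 3xx status
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return HttpResponse(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:
        return HttpResponse(err.code, dict(err.headers))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        url = sys.argv[1]
        resp = fetch_plain_http(url)
    else:
        # Constructed sample: the common mistake of bouncing to a different host.
        url = "http://docs.example.com/"
        resp = HttpResponse(301, {"Location": "https://www.example.com/"})
    for line in check_https_enforcement(url, resp) or ["OK: 301 to HTTPS on the same host"]:
        print(line)
```

Run it with no arguments to see the constructed cross-host case flagged, or pass the http:// URL of a site to test the live redirect; the HSTS check is applied to the response of the https:// endpoint, not to the redirect itself.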