Configuration: HTTP without HTTPS Redirect
Identifier:
http_no_https_redirect
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
HTTP servers should redirect all traffic to HTTPS to ensure encrypted communication and prevent man-in-the-middle attacks.
How we test: We send HTTP requests to the server and analyze responses to detect if HTTP traffic is automatically redirected to HTTPS. We check for proper redirect status codes and verify that unencrypted connections are not accepted.
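An added example, not the scanner's implementation: the Python below classifies the response to a plain-HTTP request by its status code and by where the `Location` header resolves, including relative and scheme-relative targets that stay on HTTP. The function names, verdict strings, host name and sample responses are assumptions constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify_http_response(request_url, status, headers):
    """Judge the response to a plain-HTTP request; returns (verdict, detail)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status not in REDIRECT_CODES:
        return ("no_redirect", f"status {status} answered over plain HTTP")
    location = hdrs.get("location", "").strip()
    if not location:
        return ("no_redirect", f"status {status} without a Location header")
    # Resolve relative and scheme-relative targets against the request URL:
    # "/login/" or "//host/login" sent over HTTP still points at http://.
    target = urlsplit(urljoin(request_url, location))
    if target.scheme != "https":
        return ("no_redirect", f"Location resolves to {target.geturl()}")
    kind = "permanent" if status in (301, 308) else "temporary"
    return ("https_redirect", f"{kind} redirect to {target.geturl()}")

def probe(host, path="/", timeout=5):
    """Send one GET over port 80 without following redirects (needs network)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify_http_response(f"http://{host}{path}", resp.status,
                                      dict(resp.getheaders()))
    finally:
        conn.close()

# Constructed sample responses (hypothetical host), so the block runs offline.
URL = "http://app.example.test/login"
SAMPLES = [
    (301, {"Location": "https://app.example.test/login"}),
    (200, {"Content-Type": "text/html"}),
    (302, {"Location": "/login/"}),
    (307, {"location": "//app.example.test/login"}),
    (308, {"Location": "http://www.example.test/login"}),
]

if __name__ == "__main__":
    for status, headers in SAMPLES:
        print(status, classify_http_response(URL, status, headers))
```

Only the first constructed sample counts as an HTTPS redirect; the other four either serve content over HTTP or redirect to a target that is still `http://`.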
Configuration
Example
Example configuration:
Reference
skip
Type : boolean
Skip the test if true.