In HTTP communications, traffic is not encrypted and can be captured by an attacker who has access to a network interface.
Enable HTTPS and enforce using it.
👉 You might also like:
No Redirection from HTTP to HTTPS - Vulnerability
Basic Authentication Over HTTP - Vulnerability
BREACH attack - Vulnerability
Cookie without Secure Flag - Vulnerability
Last updated on February 15, 2021