Passive Mixed Content
Impact: Low
Description
When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from most sniffers and man-in-the-middle attacks. An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers. That leaves the pages unsafe. Moilla Passive contents are like images, audio, or videos. This type of content controls the appearance of the web page. That’s why they are also called display content.
Recommendation
Make sure all resources are loaded using HTTPS protocol.
References
👉 You might also like:
Basic Authentication Over HTTP - Vulnerability
Cookie without Secure Flag - Vulnerability
Password Input on HTTP - Vulnerability
Password Sent in HTTP Query - Vulnerability
Last updated on August 07, 2021