HTTP Only Site

ID

http_only_site

Severity

high

Kind

Security Misconfiguration

CWE

311

Description

The site is served only over HTTP and offers no HTTPS endpoint. This detector flags websites that provide no TLS encryption for any of their communications, so every request and response crosses the network in cleartext.

Rationale

Without HTTPS, all data exchanged between the browser and the server travels in cleartext, so anyone on the network path (on shared Wi-Fi, at the ISP, or on a compromised router) can read credentials, session cookies, and other sensitive data, or act as a man-in-the-middle and modify the traffic in transit. This exposure enables credential theft, session hijacking, and content tampering with no indication to the user that anything is wrong.

Remediation

Configure the web or application server to serve the site over TLS (HTTPS) for every hostname it answers for. Obtain a certificate from a trusted Certificate Authority such as Let's Encrypt, install it on the server, and have port 80 respond only with a permanent redirect (301 or 308) to the https:// URL rather than serving content. Then add an HTTP Strict Transport Security (HSTS) header on HTTPS responses so that browsers which have seen the site once refuse to connect over plain HTTP, which defeats protocol-downgrade (SSL-stripping) attacks. Note two caveats: HSTS protects a visitor only after the first HTTPS visit unless the domain is submitted to the browser preload list, and a long max-age with includeSubDomains locks every covered subdomain to HTTPS, so confirm they all serve TLS before enabling it.
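After remediating, the state to verify is: the HTTPS endpoint answers, port 80 only redirects to https://, and the HTTPS response carries an HSTS policy with a meaningful max-age. The following is an added example written for this page, not the detector's own code; it runs the check over constructed sample responses (the `example.test` table below) so it works offline, and the `check_site`, `parse_hsts`, `Response` names, the one-year `HSTS_MIN_MAX_AGE` threshold, and the finding ids other than `http_only_site` are this example's own assumptions. In a live deployment the table-backed fetch function would be replaced with real requests against the target.

```python
"""Verify a site's HTTP-to-HTTPS posture from captured responses.

Added example for this page; not part of the detector's own code.
The finding ids other than "http_only_site" are hypothetical names.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
from urllib.parse import urlparse

# One year in seconds, a common minimum for a production HSTS policy
# (an assumption of this example, not a figure taken from the page).
HSTS_MIN_MAX_AGE = 31536000


@dataclass
class Response:
    status: int
    headers: Dict[str, str]

    def get(self, name: str) -> Optional[str]:
        """Case-insensitive header lookup, as HTTP header names are."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


# A fetch function returns None when the connection fails (e.g. port 443 closed).
Fetch = Callable[[str], Optional[Response]]


def parse_hsts(value: str) -> Dict[str, str]:
    """Split a Strict-Transport-Security value into lower-cased directives.

    "max-age=63072000; includeSubDomains" -> {"max-age": "63072000",
    "includesubdomains": ""}
    """
    directives: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def check_site(host: str, fetch: Fetch) -> List[str]:
    """Return finding ids for `host`; an empty list means the site passes."""
    findings: List[str] = []

    https = fetch(f"https://{host}/")
    if https is None:
        # No TLS endpoint at all: exactly the http_only_site condition.
        return ["http_only_site"]

    http = fetch(f"http://{host}/")
    if http is not None:
        location = http.get("Location") or ""
        redirects_to_https = (
            http.status in (301, 302, 307, 308)
            and urlparse(location).scheme == "https"
        )
        if not redirects_to_https:
            # Port 80 still serves content (or redirects elsewhere), so the
            # cleartext path remains reachable for anyone who types http://.
            findings.append("http_not_redirected_to_https")

    hsts = https.get("Strict-Transport-Security")
    if hsts is None:
        findings.append("hsts_missing")
    else:
        try:
            max_age = int(parse_hsts(hsts).get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < HSTS_MIN_MAX_AGE:
            findings.append("hsts_max_age_too_short")

    return findings


def make_fetch(table: Dict[str, Response]) -> Fetch:
    """Build a fetch function from a URL -> Response table (constructed data)."""
    return lambda url: table.get(url)


# Constructed sample responses; no network is used.
INSECURE_SITE = make_fetch({
    "http://example.test/": Response(200, {"Content-Type": "text/html"}),
    # no https:// entry: the connection to port 443 fails
})
HARDENED_SITE = make_fetch({
    "http://example.test/": Response(301, {"Location": "https://example.test/"}),
    "https://example.test/": Response(200, {
        "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    }),
})
HALFWAY_SITE = make_fetch({
    "http://example.test/": Response(200, {}),  # still serves cleartext content
    "https://example.test/": Response(200, {"strict-transport-security": "max-age=300"}),
})

if __name__ == "__main__":
    for label, fetch in [("insecure", INSECURE_SITE), ("hardened", HARDENED_SITE),
                         ("halfway", HALFWAY_SITE)]:
        print(label, check_site("example.test", fetch))
```

The half-configured case is the one worth noticing: a certificate is installed, yet the site still fails because port 80 serves pages instead of redirecting and the HSTS max-age is far too short to change browser behaviour.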