top of page
  • Writer's pictureBrent Payne

HTTP URL contains a password input field

When a URL leverages the HTTP protocol while also featuring a form with a password submission field, it is considered insecure.


Why is this important?

Exchanging sensitive details like passwords must occur over a secure channel. Since the data sent via HTTP URLs are unencrypted, the user's information can be intercepted, making it unsecured to handle such forms over HTTP.


What does the Optimization check?

The Optimization initiates an alert if any internal HTTP URL includes a password field within its code structure.


Examples that trigger this Optimization:

The Optimization would be activated by any URL incorporating the below HTML code:


<form action="action_page.php">Username:<br><input type="text" name="username"><br>Password:<br><input type="password" name="password"></form>


How do you resolve this issue?

It is strongly advised to have the site fully operated over HTTPS, as there are multiple benefits to doing so.


Otherwise, you should eliminate the password form from the HTTP page and provide a link to a secure HTTPS page or present it in a different secure window.


Further reading

0 views0 comments

Recent Posts

See All

The skip-link target should exist and be focusable

At Loud Interactive, we're committed to ensuring that digital accessibility is at the forefront of website design and development. During our SEO audits, we look for and attempt to identify an area of

Timed meta refresh must not exist

At Loud Interactive, we regularly perform a SEO audits. We often stumble upon an important issue that could significantly impact user experience and accessibility on websites. We're talking about the

bottom of page