top of page
Writer's pictureBrent D. Payne

HTTP URL contains a password input field

When a URL leverages the HTTP protocol while also featuring a form with a password submission field, it is considered insecure.


Why is this important?

Exchanging sensitive details like passwords must occur over a secure channel. Since the data sent via HTTP URLs are unencrypted, the user's information can be intercepted, making it unsecured to handle such forms over HTTP.


What does the Optimization check?

The Optimization initiates an alert if any internal HTTP URL includes a password field within its code structure.


Examples that trigger this Optimization:

The Optimization would be activated by any URL incorporating the below HTML code:


<form action="action_page.php">Username:<br><input type="text" name="username"><br>Password:<br><input type="password" name="password"></form>


How do you resolve this issue?

It is strongly advised to have the site fully operated over HTTPS, as there are multiple benefits to doing so.


Otherwise, you should eliminate the password form from the HTTP page and provide a link to a secure HTTPS page or present it in a different secure window.


Further reading

6 views
bottom of page