top of page
Writer's pictureBrent D. Payne

HTTPS URL contains a form posting to HTTP

At Loud Interactive, we've identified that the URL employs HTTPS yet hosts a form with an action set to a non-secure HTTP endpoint.


Why is this important?

Securing communication via HTTPS is crucial as it ensures the information sent between the client and server is encrypted. A form action pointing to an HTTP URL compromises this security, leading to potential data breaches.

Common browsers alert users with a security notification when they're about to submit information through an unsecured HTTP connection.


What does the Optimization check?

Loud Interactive's Optimization activates if it detects an HTTPS page containing a form that submits data to an unencrypted HTTP address.


Examples that trigger this Optimization:

A page such as https://example.com/secure-page would trigger this Optimization if it includes HTML like:

Form submitting to an HTTP URL with POST method:

<form action="http://example.com/process.php" method="POST"></form>


Form with no method attribute posting to an HTTP URL:


Form with GET method submitting to an HTTP URL:

<form action="http://example.com/process.php" method="GET"></form>


Form with POST method submitting to an HTTP URL using single quotes:

<form action='http://example.com/process.php' method='POST'></form>


Form with GET method posting to an HTTP URL with no quotation marks:

<form action=http://example.com/process.php method=GET></form>


How do you resolve this issue?

To secure the data transfer, update the form's action attribute to use an HTTPS URL, guaranteeing data encryption during transmission.


Further reading

11 views
bottom of page