正式なドキュメントは英語版であり、この日本語訳はAI支援翻訳により作成された参考用のものです。日本語訳の一部の内容は人間によるレビューがまだ行われていないため、翻訳のタイミングにより英語版との間に差異が生じることがあります。最新かつ正確な情報については、英語版をご参照ください。

Mixed Content

Description

The target application was found to request resources over insecure transport protocols (HTTP). This is usually due to HTML elements which load resources using the http:// scheme instead of https://. It should be noted that most modern browsers block these requests automatically so there is limited risk.

Some parts of the application may not behave correctly because these files are not being properly loaded.

Remediation

Ensure all HTML elements which load resources from a URL (JavaScript, stylesheets, images, video and other media) are set to use the https:// scheme instead of http://. Alternatively, developers may use the // scheme, which will only load resources over the same protocol that the originating page was loaded.

A browser visiting the website https://example.com with the HTML loading a file using <script src="//example.com/cdn/bundle.js"></script>, would ensure the example.com/cdn/bundle.js file was loaded over HTTPS.

Details

IDAggregatedCWETypeRisk
319.1true319PassiveInfo