

HTTP calling iFrame over HTTPS

Question asked by Robert Farnlof on Apr 15, 2015


If we run a Qualys scan on a server (or set of servers) that does not use HTTPS, would that come up as a vulnerability? Or will just the use of weak HTTPS protocols be shown as a vulnerability?


Here is our use case: a merchant site is on HTTP only, calling an iFrame over HTTPS. When an ASV scans the merchant’s site, would they detect HTTP as a vulnerability? Yes/no/why?