Insecure Transport on cdn-cgi directory

I’m getting a security vulnerability from Mcafee:

Insecure Transport
A link is accessible over an insecure connection, i.e. HTTP.

Impact
Data sent over HTTP is unencrypted and vulnerable to sniffing attacks that can expose sensitive or confidential information.

Solution
Ensure that the target website is accessible over HTTPS only. If non-HTTPS requests are received, the server should redirect the request to HTTPS. It is also recommended to use the Strict-Transport-Security response header to ensure that web browsers use only HTTPS when making requests to the server.

Target:
http://www.mysite.com/cdn-cgi/apps/head/Rum4yyg4bUWksQrx6FPZWJldiUY.js

In reviewing this file - it appears to be a Cloudflare asset. I have PageRules set up to redirect from http to https but this does not seem to work for this file/directory.

How can we fix in Cloudflare dashboard?

This is likely a Cloudflare application that you have configured for your site. You could either disable that application or contact the developer about the issue. You can check that at https://dash.cloudflare.com/redirect?zone=apps/installed-apps

Whats the actual URL?

We don’t have any apps installed.

http://www.masseys.com/cdn-cgi/apps/head/Rum4yyg4bUWksQrx6FPZWJldiUY.js

You seem to have strict firewall rules in place and block most countries. I am afraid it is impossible to say anything in this case and I’d suggest to open a support ticket.

This topic was automatically closed after 30 days. New replies are no longer allowed.