CDN endpoint allows unencrypted traffic
March 21, 2025 ยท View on GitHub
SYNOPSIS
Unencrypted communication could allow disclosure of information to an untrusted party.
DESCRIPTION
When a client connect to CDN content it can use HTTP or HTTPS. Support for both HTTP and HTTPS is enabled by default. When using HTTP, sensitive information may be exposed to an untrusted party.
RECOMMENDATION
Consider disabling HTTP support on the CDN endpoint origin.