CDN endpoint allows unencrypted traffic

March 21, 2025 ยท View on GitHub

SYNOPSIS

Unencrypted communication could allow disclosure of information to an untrusted party.

DESCRIPTION

When a client connect to CDN content it can use HTTP or HTTPS. Support for both HTTP and HTTPS is enabled by default. When using HTTP, sensitive information may be exposed to an untrusted party.

RECOMMENDATION

Consider disabling HTTP support on the CDN endpoint origin.