Critiq Docs
Get started
security.transport

Insecure HTTP transport

Outbound transport should not use plain HTTP for sensitive requests.

#Metadata

Rule ID
security.insecure-http-transport
Severity
high
Confidence
0.9
Languages
go, java, javascript, php, python, ruby, rust, typescript
Presets
recommended, security, strict
Stability
stable
Applies to
block
Tags
network, rules-catalog, security, transport

#Why it matters

Plain HTTP exposes traffic to interception and tampering.

#Remediation

Use HTTPS or a trusted local-development exception for non-production endpoints.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/shared/security.insecure-http-transport.rule.yaml.

Back to registryOpen rule in repository