What’s an example of non encrypted data you’re thinking of?
reply
Yeah, some websites don't automatically redirect to HTTPS when you intentionally go out of your way to use HTTP. By default, they're either HTTPS, or they're static and not accepting data in the first place.
FWIW, this list is pretty out of date, you can check it out for yourself.
If your website doesn't automatically redirect to HTTPS, the worst thing that can happen is, you're on a network with an evesdropper, they send you a phishing link that's HTTP, you click on it, and type in a password that they can see. Maybe there's a reason you're being targeted, but in that case, a) you probably know how to look out for phishing, and b) there are more effective attacks you can attempt to steal someone's password besides trying to spy on unencrypted traffic.
Also, if your website doesn't automatically redirect to HTTP, I can guarantee you're getting 2-3 emails every month from some bug bounty researcher about it.
reply