# HTTP Used Instead of HTTPS

- ID: python-http-not-https
- Severity: HIGH
- CWE: CWE-319
- Languages: Python

## Description

Detects use of unencrypted HTTP for sensitive operations like API calls, authentication, payment processing, or data transmission. HTTP traffic is sent in cleartext and can be intercepted. Always use HTTPS.

## Remediation

Use HTTPS for all external requests and enable SSL redirect.

```python
import requests

API_URL = "https://api.example.com"
response = requests.get(f"{API_URL}/data", verify=True, timeout=10)

# Django settings.py
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
```

Learn more: https://shoulder.dev/learn/python/cwe-319/http-not-https

## Related Rules

- **Echo Running Without TLS** [HIGH]
- **Fiber Running Without TLS** [HIGH]
- **Gin Running Without TLS** [LOW]
- **Ingress Missing TLS Configuration** [HIGH]
- **Insecure TLS Verification Disabled** [HIGH]
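
The kind of check the Description refers to, as an added example that is not part of the original page and not the rule's actual implementation: a small `ast`-based scan that flags HTTP-client calls whose URL statically begins with `http://`, including URLs built from a string constant in an f-string. The function names, the loopback exemption and the sample source are assumptions made for illustration.

```python
import ast
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: loopback is exempt
HTTP_CALLS = {"get", "post", "put", "patch", "delete", "head", "request"}

def is_cleartext(url):
    parts = urlsplit(url)
    return parts.scheme.lower() == "http" and parts.hostname not in LOOPBACK

def static_prefix(node, consts):
    """Best-effort leading text of a URL expression, or None if unknown."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.Name):                       # API_URL
        return consts.get(node.id)
    if isinstance(node, ast.FormattedValue):             # the {API_URL} part
        return static_prefix(node.value, consts)
    if isinstance(node, ast.JoinedStr) and node.values:  # f"{API_URL}/data"
        return static_prefix(node.values[0], consts)
    return None

def find_cleartext_http(source):
    """Return sorted (line, url_prefix) pairs for client calls over http://."""
    tree = ast.parse(source)
    consts = {t.id: n.value.value for n in ast.walk(tree)
              if isinstance(n, ast.Assign) and isinstance(n.value, ast.Constant)
              and isinstance(n.value.value, str)
              for t in n.targets if isinstance(t, ast.Name)}
    findings = []
    for node in ast.walk(tree):
        # Matches any obj.get(...)/obj.post(...) call, so expect some noise.
        if isinstance(node, ast.Call) and getattr(node.func, "attr", None) in HTTP_CALLS:
            for arg in node.args + [k.value for k in node.keywords if k.arg == "url"]:
                url = static_prefix(arg, consts)
                if url and is_cleartext(url):
                    findings.append((node.lineno, url))
                    break
    return sorted(findings)

# Constructed sample input; the hosts are placeholders.
SAMPLE = '''\
import requests
API_URL = "http://api.example.com"
requests.get(f"{API_URL}/data", timeout=10)
requests.post(url="http://payments.example.com/charge", json={})
requests.get("https://api.example.com/data", verify=True, timeout=10)
requests.get("http://localhost:8000/health")
'''
```

Calling `find_cleartext_http(SAMPLE)` reports lines 3 and 4 and leaves the HTTPS and loopback calls alone. URLs assembled at runtime (environment variables, config files) are invisible to a static check like this and need the `SECURE_SSL_REDIRECT`-style server-side enforcement as well.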