Web App uses the latest HTTP version
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | appservice |
| Provider | Azure |
Description#
The web application is configured to use an outdated HTTP version by not enabling HTTP/2 support in the Azure App Service resource. This prevents the app from benefiting from improved security features and protocol enhancements available in newer HTTP versions.
Impact#
Running on an older HTTP version exposes the application to known vulnerabilities and lacks protections present in HTTP/2, increasing the risk of attacks such as protocol downgrade, interception, or performance degradation, which can compromise data integrity and service reliability.
Resolution#
Use the latest version of HTTP