diff --git a/src/app/app-routing.module.ts b/src/app/app-routing.module.ts
index cbeac5bad0a..6dc17f13efd 100644
--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@@ -54,6 +54,7 @@ import { ImportComponent } from './tools/import.component';
 import { PasswordGeneratorComponent } from './tools/password-generator.component';
 import { ReusedPasswordsReportComponent } from './tools/reused-passwords-report.component';
 import { ToolsComponent } from './tools/tools.component';
+import { UnsecuredWebsitesReportComponent } from './tools/unsecured-websites-report.component';
 
 import { VaultComponent } from './vault/vault.component';
 
@@ -154,6 +155,11 @@ const routes: Routes = [
                         component: ReusedPasswordsReportComponent,
                         data: { titleId: 'reusedPasswordsReport' },
                     },
+                    {
+                        path: 'unsecured-websites-report',
+                        component: UnsecuredWebsitesReportComponent,
+                        data: { titleId: 'unsecuredWebsitesReport' },
+                    },
                 ],
             },
         ],
diff --git a/src/app/app.module.ts b/src/app/app.module.ts
index fed89906ff6..6bb182743b9 100644
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@@ -110,6 +110,7 @@ import { PasswordGeneratorHistoryComponent } from './tools/password-generator-hi
 import { PasswordGeneratorComponent } from './tools/password-generator.component';
 import { ReusedPasswordsReportComponent } from './tools/reused-passwords-report.component';
 import { ToolsComponent } from './tools/tools.component';
+import { UnsecuredWebsitesReportComponent } from './tools/unsecured-websites-report.component';
 
 import { AddEditComponent } from './vault/add-edit.component';
 import { AttachmentsComponent } from './vault/attachments.component';
@@ -264,6 +265,7 @@ registerLocaleData(localeZhCn, 'zh-CN');
         OrgVaultComponent,
         PasswordGeneratorComponent,
         PasswordGeneratorHistoryComponent,
+        PasswordStrengthComponent,
         PaymentComponent,
         PremiumComponent,
         ProfileComponent,
@@ -290,6 +292,7 @@ registerLocaleData(localeZhCn, 'zh-CN');
         TwoFactorU2fComponent,
         TwoFactorVerifyComponent,
         TwoFactorYubiKeyComponent,
+        UnsecuredWebsitesReportComponent,
         UpdateKeyComponent,
         UpdateLicenseComponent,
         UserBillingComponent,
@@ -298,7 +301,6 @@ registerLocaleData(localeZhCn, 'zh-CN');
         VerifyEmailComponent,
         VerifyEmailTokenComponent,
         VerifyRecoverDeleteComponent,
-        PasswordStrengthComponent,
     ],
     entryComponents: [
         AddEditComponent,
diff --git a/src/app/tools/tools.component.html b/src/app/tools/tools.component.html
index 5be28feed2d..ec9a6b1a4f4 100644
--- a/src/app/tools/tools.component.html
+++ b/src/app/tools/tools.component.html
@@ -24,6 +24,9 @@
                     <a routerLink="reused-passwords-report" class="list-group-item" routerLinkActive="active">
                         {{'reusedPasswordsReport' | i18n}}
                     </a>
+                    <a routerLink="unsecured-websites-report" class="list-group-item" routerLinkActive="active">
+                        {{'unsecuredWebsitesReport' | i18n}}
+                    </a>
                 </div>
             </div>
         </div>
diff --git a/src/app/tools/unsecured-websites-report.component.html b/src/app/tools/unsecured-websites-report.component.html
new file mode 100644
index 00000000000..d1e95a0fecc
--- /dev/null
+++ b/src/app/tools/unsecured-websites-report.component.html
@@ -0,0 +1,34 @@
+<div class="page-header">
+    <h1>{{'unsecuredWebsitesReport' | i18n}}</h1>
+</div>
+<p>{{'unsecuredWebsitesReportDesc' | i18n}}</p>
+<div *ngIf="loading">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}"></i>
+</div>
+<div class="mt-4" *ngIf="!loading">
+    <app-callout type="success" title="{{'goodNews' | i18n}}" *ngIf="!ciphers.length">
+        {{'noUnsecuredWebsites'}}
+    </app-callout>
+    <ng-container *ngIf="ciphers.length">
+        <app-callout type="danger" title="{{'unsecuredWebsitesFound' | i18n}}">
+            {{'unsecuredWebsitesFoundDesc' | i18n : ciphers.length}}
+        </app-callout>
+        <table class="table table-hover table-list table-ciphers">
+            <tbody>
+                <tr *ngFor="let c of ciphers">
+                    <td class="table-list-icon">
+                        <app-vault-icon [cipher]="c"></app-vault-icon>
+                    </td>
+                    <td class="reduced-lh wrap">
+                        <a href="#" appStopClick (click)="selectCipher(c)" title="{{'editItem' | i18n}}">{{c.name}}</a>
+                        <i class="fa fa-share-alt" *ngIf="!organization && c.organizationId" title="{{'shared' | i18n}}"></i>
+                        <i class="fa fa-paperclip" title="{{'attachments' | i18n}}" *ngIf="c.hasAttachments"></i>
+                        <br>
+                        <small>{{c.subTitle}}</small>
+                    </td>
+                </tr>
+            </tbody>
+        </table>
+    </ng-container>
+</div>
+<ng-template #cipherAddEdit></ng-template>
diff --git a/src/app/tools/unsecured-websites-report.component.ts b/src/app/tools/unsecured-websites-report.component.ts
new file mode 100644
index 00000000000..c337d26046d
--- /dev/null
+++ b/src/app/tools/unsecured-websites-report.component.ts
@@ -0,0 +1,76 @@
+import {
+    Component,
+    ComponentFactoryResolver,
+    OnInit,
+    ViewChild,
+    ViewContainerRef,
+} from '@angular/core';
+
+import { CipherService } from 'jslib/abstractions/cipher.service';
+
+import { CipherView } from 'jslib/models/view/cipherView';
+
+import { CipherType } from 'jslib/enums/cipherType';
+
+import { ModalComponent } from '../modal.component';
+import { AddEditComponent } from '../vault/add-edit.component';
+
+@Component({
+    selector: 'app-unsecured-websites-report',
+    templateUrl: 'unsecured-websites-report.component.html',
+})
+export class UnsecuredWebsitesReportComponent implements OnInit {
+    @ViewChild('cipherAddEdit', { read: ViewContainerRef }) cipherAddEditModalRef: ViewContainerRef;
+
+    loading = true;
+    hasLoaded = false;
+    ciphers: CipherView[] = [];
+
+    private modal: ModalComponent = null;
+
+    constructor(private ciphersService: CipherService, private componentFactoryResolver: ComponentFactoryResolver) { }
+
+    async ngOnInit() {
+        this.load();
+        this.hasLoaded = true;
+    }
+
+    async load() {
+        this.loading = true;
+        const allCiphers = await this.ciphersService.getAllDecrypted();
+        this.ciphers = allCiphers.filter((c) => {
+            if (c.type !== CipherType.Login || !c.login.hasUris) {
+                return false;
+            }
+            return c.login.uris.find((u) => u.uri.indexOf('http://') === 0) != null;
+        });
+        this.loading = false;
+    }
+
+    selectCipher(cipher: CipherView) {
+        if (this.modal != null) {
+            this.modal.close();
+        }
+
+        const factory = this.componentFactoryResolver.resolveComponentFactory(ModalComponent);
+        this.modal = this.cipherAddEditModalRef.createComponent(factory).instance;
+        const childComponent = this.modal.show<AddEditComponent>(
+            AddEditComponent, this.cipherAddEditModalRef);
+
+        childComponent.cipherId = cipher == null ? null : cipher.id;
+        childComponent.onSavedCipher.subscribe(async (c: CipherView) => {
+            this.modal.close();
+            await this.load();
+        });
+        childComponent.onDeletedCipher.subscribe(async (c: CipherView) => {
+            this.modal.close();
+            await this.load();
+        });
+
+        this.modal.onClosed.subscribe(() => {
+            this.modal = null;
+        });
+
+        return childComponent;
+    }
+}
diff --git a/src/locales/en/messages.json b/src/locales/en/messages.json
index 1c49ac048a6..18afae9c44f 100644
--- a/src/locales/en/messages.json
+++ b/src/locales/en/messages.json
@@ -1287,6 +1287,27 @@
   "reports": {
     "message": "Reports"
   },
+  "unsecuredWebsitesReport": {
+    "message": "Unsecured Websites Report"
+  },
+  "unsecuredWebsitesReportDesc": {
+    "message": "Using unsecured websites with the http:// scheme can be dangerous. If the website allows, you should always access it using the https:// scheme."
+  },
+  "unsecuredWebsitesFound": {
+    "message": "Unsecured Websites Found"
+  },
+  "unsecuredWebsitesFoundDesc": {
+    "message": "We found $COUNT$ items in your vault with unsecured URIs. You should change their URI scheme to https:// if they allow it.",
+    "placeholders": {
+      "count": {
+        "content": "$1",
+        "example": "8"
+      }
+    }
+  },
+  "noUnsecuredWebsites": {
+    "message": "No items in your vault have unsecured URIs."
+  },
   "reusedPasswordsReport": {
     "message": "Reused Passwords Report"
   },