diff --git a/apps/web/src/app/admin-console/organizations/tools/unsecured-websites-report.component.ts b/apps/web/src/app/admin-console/organizations/tools/unsecured-websites-report.component.ts
index 559d2f417a5..c520d3dad68 100644
--- a/apps/web/src/app/admin-console/organizations/tools/unsecured-websites-report.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/unsecured-websites-report.component.ts
@@ -5,6 +5,7 @@ import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { PasswordRepromptService } from "@bitwarden/vault";
@@ -29,6 +30,7 @@ export class UnsecuredWebsitesReportComponent
 passwordRepromptService: PasswordRepromptService,
 i18nService: I18nService,
 syncService: SyncService,
+ collectionService: CollectionService,
 ) {
 super(
 cipherService,
@@ -37,6 +39,7 @@ export class UnsecuredWebsitesReportComponent
 passwordRepromptService,
 i18nService,
 syncService,
+ collectionService,
 );
 }
diff --git a/apps/web/src/app/tools/reports/pages/unsecured-websites-report.component.ts b/apps/web/src/app/tools/reports/pages/unsecured-websites-report.component.ts
index 0a8023c3031..b2b8ce298a3 100644
--- a/apps/web/src/app/tools/reports/pages/unsecured-websites-report.component.ts
+++ b/apps/web/src/app/tools/reports/pages/unsecured-websites-report.component.ts
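Review bot: The organization report in the admin-console component appears to inherit the new collection-based filter with nothing confirming it suits an admin view; the two constructor hunks for `admin-console/organizations/tools/unsecured-websites-report.component.ts` only forward `collectionService` to `super(...)`, and whether this subclass overrides `setCiphers` is not visible here. If it does not, an organization cipher is reported only when the signed-in user holds a non-read-only collection containing it, so it is worth confirming that `collectionService.getAll()` covers every collection an organization admin is expected to report on. Otherwise this report could silently omit logins with `http://` URIs. A comment on the parameter such as `// consumed by the inherited setCiphers() to drop ciphers the user cannot edit` would make the dependency explicit.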
@@ -4,8 +4,11 @@ import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherType } from "@bitwarden/common/vault/enums";
+import { Collection } from "@bitwarden/common/vault/models/domain/collection";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { PasswordRepromptService } from "@bitwarden/vault";
 import { CipherReportComponent } from "./cipher-report.component";
@@ -24,6 +27,7 @@ export class UnsecuredWebsitesReportComponent extends CipherReportComponent impl
 passwordRepromptService: PasswordRepromptService,
 i18nService: I18nService,
 syncService: SyncService,
+ private collectionService: CollectionService,
 ) {
 super(
 cipherService,
@@ -41,15 +45,51 @@ export class UnsecuredWebsitesReportComponent extends CipherReportComponent impl
 async setCiphers() {
 const allCiphers = await this.getAllCiphers();
+ const allCollections = await this.collectionService.getAll();
 this.filterStatus = [0];
+
 const unsecuredCiphers = allCiphers.filter((c) => {
- if (c.type !== CipherType.Login || !c.login.hasUris || c.isDeleted) {
+ const containsUnsecured = this.cipherContainsUnsecured(c);
+ if (containsUnsecured === false) {
 return false;
 }
- return c.login.uris.some((u: any) => u.uri != null && u.uri.indexOf("http://") === 0);
+ const canView = this.canView(c, allCollections);
+ return canView;
 });
 this.filterCiphersByOrg(unsecuredCiphers);
 }
+
+ /**
+ * Cipher needs to be a Login type, contain Uris, and not be deleted
+ * @param cipher Current cipher with unsecured uri
+ */
+ private cipherContainsUnsecured(cipher: CipherView): boolean {
+ if (cipher.type !== CipherType.Login || !cipher.login.hasUris || cipher.isDeleted) {
+ return false;
+ }
+
+ const containsUnsecured = cipher.login.uris.some(
+ (u: any) => u.uri != null && u.uri.indexOf("http://") === 0,
+ );
+ return containsUnsecured;
+ }
+
+ /**
+ * If the user does not have readonly set or it's false they have the ability to edit
+ * @param cipher Current cipher with unsecured uri
+ * @param allCollections The collections for the user
+ */
+ private canView(cipher: CipherView, allCollections: Collection[]): boolean {
+ if (!cipher.organizationId) {
+ return true;
+ }
+
+ return (
+ allCollections.filter(
+ (item) => cipher.collectionIds.indexOf(item.id) > -1 && !(item.readOnly ?? false),
+ ).length > 0
+ );
+ }
 }
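Review bot: `canView` is named as a visibility check, but it returns true only when the cipher sits in at least one collection whose `readOnly` is unset or false, which is the edit permission its own doc comment describes. The name and the doc should agree (for example `canEdit`), because this predicate now decides which logins with `http://` URIs are left out of a security report. In the same method `cipher.collectionIds.indexOf(...)` would throw if `collectionIds` can be null or undefined on an organization cipher, and `filter(...).length > 0` builds an array only to test it; `return allCollections.some((item) => !item.readOnly && (cipher.collectionIds ?? []).includes(item.id));` covers both. The prefix test carried into `cipherContainsUnsecured` is still case-sensitive and still types `u` as `any`, so a URI stored as `HTTP://...` would not be reported.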