Gotcha, no, sorry if I was unclear, the configured destination for the backups isn’t what the vulnerability scanner is getting at here. It’s the encryption used between the browser and the UI when exposed to other hosts by ticking off the box next to ‘Allow remote access (requires restart)’ under ‘Settings’. Then, configuring it to use https rather than http as described in this post: