Dan Q

Note #18572

Hey @LloydsBank! 2009 called and asked if you’re done sending your customers links to unencrypted HTTP endpoints yet. How do you feel about switching this to a HTTPS link rather than relying on an interceptable/injectable HTTP request?

Text message: "Follow this link to download your free Lloyds Bank Mobile Banking app. http://www.lloydsbank.com/mobileapp"

Text message: "Follow this link to download your free Lloyds Bank Mobile Banking app. http://www.lloydsbank.com/mobileapp"×

2 comments

  1. {M,Ale}x Dutton {M,Ale}x Dutton says:

    @LloydsBank They don’t even have HSTS set up: https://t.co/Hndp6eGewd

    11 May, 2021, 15:08
    1. Dan Q Dan Q says:

      They have it on HTTPS, and always redirect to HTTPS, so they’re half-trying.

      11 May, 2021, 15:25

Reply here

Your email address will not be published. Required fields are marked *

Reply on your own site

Reply by email

I'd love to hear what you think. Send an email to b18572@danq.me; be sure to let me know if you're happy for your comment to appear on the Web!