The security theatre is strong with this one.

Mark Dain This is embarrassing... i.imgur.com/3QO9qb... I think this is where Halifax, my bank, do a security check via "securesite" which completely failed SSL test: ssllabs.com/ssltes... Just don't do security if you can't do it properly. It may interest you to know putting "secure" in the URL doesn't help you!

8y, 21w 3 replies ¬

Martijn The security theatre is strong with this one.

8y, 21w 2 replies

Mark Dain What?

8y, 21w 1 reply

Martijn Security theatre is when you implement "security measures" that do not actually strengthen security and only create an illusion of security. That seems what's going on here. IFRAMEs are a weakness (ask Troy Hunt) and the site is configured wrongly as you point out, but outward it lets them tell the story that all connections go through a secure domain on an external service which will totally protect you from bla bla bla

8y, 21w reply