Do you support HTTP Strict Transport Security (HSTS)?

Although some scanning tools fail to detect it, Royal Bank of Scotland Digital Banking does support HTTP Strict Transport Security (HSTS).

This can be viewed using the developer tools in most modern desktop browsers. The tools are available in IE, Edge, Chrome and Firefox. In Safari, they have to be enabled in the advanced preferences. They are not easily available on phones and tablets.

Open the developer tools in your browser and go to the network tab. The tools are accessed via the menu that comes up when you click the three dots (Chrome and Edge), three lines (Firefox) or cog (IE) in the top right corner. In Safari, they are accessed from the Develop menu.

Tracing will start automatically, except in IE, where you start tracing by clicking the green arrow. Then load our Digital Banking login page and look for it in the list of requests. To make it easier to find, you can filter the list to show webpages only by selecting HTML, Doc or Document (the name of the option depends on which browser you are using).

Click on the login page request and look for the response headers. These are the headers sent back from the web server. The HSTS header is called STRICT-TRANSPORT-SECURITY and can be seen in the list.
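Once the header is visible, its value decides whether HSTS is actually in force. The following added example (not Royal Bank of Scotland's code) reads a response head the way a browser does under RFC 6797: header names are matched case-insensitively, only the first HSTS header counts, and `max-age=0` switches the policy off. The sample response is constructed and the function names are illustrative.

```python
import re

# Constructed sample response head (not captured from any real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "STRICT-TRANSPORT-SECURITY: max-age=31536000; includeSubDomains\r\n"
    "Strict-Transport-Security: max-age=0\r\n"
    "\r\n"
)

def find_hsts(raw_head):
    """Return the value of the first HSTS header, or None if there is none."""
    for line in raw_head.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            return value.strip()  # RFC 6797: later duplicates are ignored
    return None

def parse_hsts(value):
    """Parse the directives; return None when the header must be ignored."""
    directives = {}
    for part in value.split(";"):
        name, sep, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name:
            continue  # empty directives between semicolons are allowed
        if name in directives:
            return None  # a directive may appear only once
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # values may be quoted strings
        directives[name] = arg
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be a number of seconds
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}

def check(raw_head):
    """Classify a response head as enabled, disabled or missing-or-invalid."""
    value = find_hsts(raw_head)
    policy = parse_hsts(value) if value is not None else None
    if policy is None:
        return "missing-or-invalid", None
    # max-age=0 tells the browser to forget the host, so HSTS is not in force.
    return ("enabled" if policy["max_age"] > 0 else "disabled"), policy
```

Browsers only honour this header on responses received over HTTPS, so run the check against the HTTPS response for the page itself rather than a plain-HTTP redirect.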
