This page compares the web security of online banking websites of British banks. HTTPS is the encryption between your web browser and the bank’s web server. It protects against others reading or changing the page (a man-in-the-middle attack). This is particularly important if you use wifi in a public place.
Scores are from the SSL server test run by SSL Labs, and consider protocol support, certificates and signatures. It tests whether sites are vulnerable to attacks such as Heartbleed and Poodle.
The scores don’t assess:
Last updated: 2022-06-22
Bank | Login page | Homepage |
---|---|---|
Barclays | A+ | A+ |
Co-op | A+ | A+ |
First Direct | A+ | A |
Halifax | A+ | A+ |
HSBC | A+ | A+ |
Lloyds | A+ | A+ |
Metro Bank | A+ | A+ |
Nationwide | A+ | A+ |
Natwest | A | B |
RBS | A | B |
Santander | A+ | A |
Smile | A+ | A+ |
Tesco | A+ | A |
TSB | Hostname blacklisted | Hostname blacklisted |
B | ||
Gmail | B | |
GOV.UK | A+ | |
A+ | ||
Wikipedia | A+ |
Questions and comments welcome to bank.grade.ssl.uk@gmail.com. If you run a website and would like to improve its score, read the guide SSL and TLS Deployment Best Practices.