Use the NoScript add-on for Firefox to force the CommSec website to use HTTPS.
On 20 March 2008, I wrote about CommSec’s use of non-SSL frames pages for its online banking. Although the CommSec homepage is delivered using SSL with an Extended Validation Certificate, once you log in you’re presented with a non-SSL frames page:
To do this, download NoScript from here. Open the options for NoScript and go to the HTTPS sub-tab on the Advanced tab. Under ‘Force the following sites to use secure (HTTPS) connections’, enter
Now, the CommSec website should always use HTTPS:
Remember, though, that NoScript’s primary function is to block scripts and other active content found on most websites. This is useful for security-conscious users, but it’ll break most websites.
If you want to force certain websites to use HTTPS but don’t want to block scripts or other active content, you have to disable that blocking in the NoScript options.
Update: It turns out that forcing HTTPS connections for *.comsec.com.au breaks some functionality. Forcing HTTPS connections for only www.comsec.com.au achieves the same goal, but without breaking anything (that I know of):
The reason why *.comsec.com.au doesn’t work is that CommSec doesn’t support HTTPS connections to prices.comsec.com.au. So when you try to get a stock quote, your browser will attempt an HTTPS connection, which will fail.
Now, quotes should work, but they will be delivered over HTTP. And your browser will give you a warning to that effect.
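The wildcard-versus-single-host behaviour described in the update, as an added example that is not part of the original post and is not NoScript's own code. The glob matching is a simplified assumption, and the URL paths and the set of HTTPS-capable hosts are constructed from what the post states.

```javascript
// Added illustration: a simplified model of a "force HTTPS" host list.
// The glob matching is an assumption, not NoScript's actual matching code.

// Turn a pattern such as "*.comsec.com.au" into an anchored RegExp.
function patternToRegExp(pattern) {
  const escaped = pattern
    .split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp("^" + escaped + "$", "i");
}

// Return the URL that would actually be requested under the force list.
function applyForceHttps(url, forcePatterns) {
  const u = new URL(url);
  const forced = forcePatterns.some((p) => patternToRegExp(p).test(u.hostname));
  if (u.protocol === "http:" && forced) u.protocol = "https:";
  return u.href;
}

// Requests a rule upgrades to HTTPS on hosts that do not serve HTTPS (these fail).
function brokenByRule(urls, forcePatterns, httpsHosts) {
  return urls
    .map((url) => new URL(applyForceHttps(url, forcePatterns)))
    .filter((u) => u.protocol === "https:" && !httpsHosts.has(u.hostname))
    .map((u) => u.href);
}

// Subresources still fetched over HTTP from an HTTPS page (mixed-content warning).
function mixedContent(pageUrl, subresources, forcePatterns) {
  if (!applyForceHttps(pageUrl, forcePatterns).startsWith("https:")) return [];
  return subresources
    .map((url) => applyForceHttps(url, forcePatterns))
    .filter((url) => url.startsWith("http:"));
}

// Constructed sample data: paths are made up; host behaviour is as the post describes.
const PAGE = "http://www.comsec.com.au/account";
const QUOTE = "http://prices.comsec.com.au/quote";
const HTTPS_HOSTS = new Set(["www.comsec.com.au"]);

for (const rule of ["*.comsec.com.au", "www.comsec.com.au"]) {
  console.log(rule, {
    broken: brokenByRule([PAGE, QUOTE], [rule], HTTPS_HOSTS),
    mixed: mixedContent(PAGE, [QUOTE], [rule]),
  });
}
```

Before adding a wildcard rule, check each subdomain the site loads from; any host missing from the HTTPS-capable set shows up either as a failed request (wildcard rule) or as plain-HTTP content inside the secure page (single-host rule).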