HTTPS Support:  Financial

UtahWatch.org evaluates and rates the HTTPS support of over 300 Utah websites and over 130 subdomains of Utah.gov.

See the About page to learn about the rating criteria and this project.

Click the Plus icon next to a name to see the reasons for that website's rating.

Banks

4/6/2
Bank of American Fork (www.bankaf.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Bank of American Fork they should improve their HTTPS support: Tweet @bankaf
Bank of Utah (www.bankofutah.com) Good
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is set with a long max-age directive.
  • HTTP site redirects to HTTPS.
Thank Bank of Utah for providing high quality HTTPS: Tweet @bankofutah
Brighton Bank (www.brightonbank.com) Good
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is set with a long max-age directive.
  • HTTP site redirects to HTTPS.
Thank Brighton Bank for providing high quality HTTPS: Tweet @brighton_bank
Cache Valley Bank (www.cachevalleybank.com) Bad
  • Nothing is listening on port 443.
Capital Community Bank Utah (www.ccbankutah.com) Bad
  • A verified TLS connection can be established. (SSL Labs report)
  • The HTML page loaded over HTTPS has mixed content.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Capital Community Bank Utah they should improve their HTTPS support: Tweet @capitalcombank
Central Bank (www.centralbankutah.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
First National Bank of Layton (www.fnbutah.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell First National Bank of Layton they should improve their HTTPS support: Tweet @fnbutah
First Utah Bank (www.firstutahbank.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is set but the max-age is less than 30 days.
  • HTTP site redirects to HTTPS.
Tell First Utah Bank they should improve their HTTPS support: Tweet @firstutahbank
People's Intermountain Bank (www.peoplesutah.com) Bad
  • connect() to port 443 times out.
State Bank of Southern Utah (www.sbsu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Utah Community Bank (www.utahcommunitybank.com) Bad
  • A verified TLS connection can be established. (SSL Labs report)
  • The HTML page loaded over HTTPS has mixed content.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Zions Bank (www.zionsbank.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Zions Bank they should improve their HTTPS support: Tweet @zionsbank

Credit Unions

16/29/2
Alpine CU (www.alpinecu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Alpine CU they should improve their HTTPS support: Tweet @alpinecu
American First CU (www.americafirst.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell American First CU they should improve their HTTPS support: Tweet @AFCU
American United FCU (www.amucu.org) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell American United FCU they should improve their HTTPS support: Tweet @AUFCU
Associated Federal Employees FCU (www.afefcu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Box Elder CU (boxeldercu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Box Elder CU they should improve their HTTPS support: Tweet @boxeldercu
Central Utah Project FCU (cupcu.com) Bad
  • Certificate hostname verification fails.
Cyprus CU (cypruscu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Cyprus CU they should improve their HTTPS support: Tweet @CyprusCU
Deseret First CU (www.dfcu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Deseret First CU they should improve their HTTPS support: Tweet @deseretfirst
Desertview FCU (www.dview.org) Bad
  • connect() to port 443 times out.
Devil's Slide FCU (devilsslidefcu.org) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Dugway FCU (www.dugwayfcu.org) Bad
  • connect() to port 443 times out.
Eastern Utah CCU (www.euccu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Education First CU (www.e1cu.org) Bad
  • A verified TLS connection can be established. (SSL Labs report)
  • The HTML page loaded over HTTPS has mixed content.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Education First CU they should improve their HTTPS support: Tweet @education1cu
Firefighters CU (www.firefighterscu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Freedom CU (www.freedomcu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Goldenwest CU (www.gwcu.org) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Goldenwest CU they should improve their HTTPS support: Tweet @GoldenwestCU
Granite CU (www.granite.org) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Granite CU they should improve their HTTPS support: Tweet @GraniteCU
Grand County CU (www.grandcountycreditunion.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Health Care CU (myhccu.org) Bad
  • Certificate not trusted by Mozilla cert store.
Tell Health Care CU they should improve their HTTPS support: Tweet @myhccu
Hercules CU (www.herculescu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Hercules CU they should improve their HTTPS support: Tweet @HerculesCU
Hi-Land CU (www.hilandcu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Horizon CU (www.myhorizoncu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Tell Horizon CU they should improve their HTTPS support: Tweet @myhorizoncu
Jordan CU (jordan-cu.org) Bad
  • A verified TLS connection can be established. (SSL Labs report)
  • The HTML page loaded over HTTPS has mixed content.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Jordan CU they should improve their HTTPS support: Tweet @Jordan_CU
King Peak CU (www.kingspeakcu.com) Bad
  • Certificate hostname verification fails.
Logan Cache Rich CU (www.lcrcu.org) Bad
  • Certificate hostname verification fails.
Logan Medical FCU (www.loganmedicalfcu.org) Bad
  • Certificate not trusted by Mozilla cert store.
Meadow Gold Emp CU (mgecu.org) Bad
  • Nothing is listening on port 443.
Members First CU (www.memfirstcu.com) Good
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is set with a long max-age directive.
  • HTTP site redirects to HTTPS.
Midvalley FCU (midvalleyfcu.org) Bad
  • Nothing is listening on port 443.
Millard County CU (www.millardccu.com) Bad
  • A verified TLS connection can be established. (SSL Labs report)
  • The HTML page loaded over HTTPS has mixed content.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Mountain America CU (www.macu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Mountain America CU they should improve their HTTPS support: Tweet @MountainAmerica
National JACL CU (www.jaclcu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Nebo CU (nebocreditunion.org) Good
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is set with a long max-age directive.
  • HTTP site redirects to HTTPS.
Thank Nebo CU for providing high quality HTTPS: Tweet @nebocreditunion
P&S CU (www.pandscu.org) Bad
  • connect() returns with error WSAECONNRESET.
Tell P&S CU they should improve their HTTPS support: Tweet @pandscu
Pacific Horizon CU (www.pacifichorizoncu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
San Juan CU (www.sanjuancu.com) Bad
  • A verified TLS connection can be established. (SSL Labs report)
  • The HTML page loaded over HTTPS has mixed content.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Sunnyside CU (www.sunnysidecu.org) Bad
  • Nothing is listening on port 443.
TransWest CU (www.transwestcu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell TransWest CU they should improve their HTTPS support: Tweet @TransWestCU
UCB CU for the Blind (www.ucbcreditunionfortheblind.org) Bad
  • Certificate not trusted by Mozilla cert store.
Utah Community CU (www.uccu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Utah Community CU they should improve their HTTPS support: Tweet @uccufans
Utah Federal CU (www.utahfederalcu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Utah First CU (utahfirst.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Utah First CU they should improve their HTTPS support: Tweet @Utah_First
Utah Heritage CU (www.utahheritagecu.org) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Utah Power CU (www.utahpowercu.org) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Varian FCU (www.varianfederalcu.org) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is set with a long max-age directive.
  • HTTP site doesn't redirect to HTTPS.
Wasatch Peaks CU (wasatchpeaks.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Wasatch Peaks CU they should improve their HTTPS support: Tweet @WasatchPeaks
Weber State CU (www.weberstatecu.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Weber State CU they should improve their HTTPS support: Tweet @WeberStateCU

Services, Orgs

5/2/0
Academy Mortgage (www.academymortgage.com) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.
Tell Academy Mortgage they should improve their HTTPS support: Tweet @academymortgage
Cambridge Financial Center (www.camonline.com) Bad
  • Certificate hostname verification fails.
Diversified Insurance Group (www.diversifiedinsurance.com) Bad
  • Certificate hostname verification fails.
Tell Diversified Insurance Group they should improve their HTTPS support: Tweet @diversified_ins
Paragon Wealth Management (www.paragonwealth.com) Bad
  • connect() to port 443 times out.
Tell Paragon Wealth Management they should improve their HTTPS support: Tweet @paragonwealth
Security National Mortgage Company (www.snmc.com) Bad
  • Certificate hostname verification fails.
Tell Security National Mortgage Company they should improve their HTTPS support: Tweet @snmortgage
Utah Bankers Association (www.uba.org) Mediocre
  • A verified TLS connection can be established. (SSL Labs report)
  • A page can be successfully fetched over HTTPS.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site doesn't redirect to HTTPS.
Utah Credit Union Association (www.utahscreditunions.org) Bad
  • A verified TLS connection can be established. (SSL Labs report)
  • The HTML page loaded over HTTPS has mixed content.
  • HTTP Strict-Transport-Security header is not set. (About HSTS)
  • HTTP site redirects to HTTPS.

Back to the top