BT.com, My Account, SSL and reporting the problem.
Logged in to my business account today from https://www.bt.com/cmp/public/hub.do page and when it completed the browser crossed out the https and the padlock.
This usually indicates a web site that should be using SSL but isn't. My billing details were displayed. Knowing that the site was therefore not secure I hit sign out.
This produced the following:
"Duplicate headers received from server
The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple Location headers received. This is disallowed to protect against HTTP response splitting attacks."
Now this sounds like a problem for BT.com's website team. I tried for two hours to report this problem, in the process being passed from one team to another. I was repeatedly assured that the website was safe to use but if I felt it wasn't I could use the telephone or email to access my account.
For me this has raised 3 issues:
- I couldn't get through to anyone who understood the problem.
- I couldn't get to find who to talk to re the problem.
- The agents who assured me that the site was safe to use need some further training before continuing with their day job.
Has anybody else noticed the issue?
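
For a site administrator checking for the condition named in the error message quoted above, the following is an added example, not part of the original post and not BT's or any browser's code. It goes slightly beyond the post by also checking Content-Length and Content-Disposition, and it assumes that only copies with differing values count as a conflict; the function names and the example.test URLs are constructed for illustration.

```javascript
// Added example: audit a raw HTTP response head for conflicting copies of
// headers that must carry a single value. Names and samples are hypothetical.
const SINGLETON_HEADERS = ['location', 'content-length', 'content-disposition'];

// Parse the status line and "Name: value" lines into a Map of name -> [values].
function parseHead(rawHead) {
  const lines = rawHead.split(/\r?\n/);
  const statusLine = lines.shift();
  const headers = new Map();
  for (const line of lines) {
    if (line === '') break;                 // blank line ends the header block
    const idx = line.indexOf(':');
    if (idx <= 0) continue;                 // skip malformed lines
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(value);
  }
  return { statusLine, headers };
}

// Return one finding per singleton header that appears with differing values.
// Identical repeated values are not flagged (assumption of this example).
function findConflictingHeaders(rawHead) {
  const { headers } = parseHead(rawHead);
  const findings = [];
  for (const name of SINGLETON_HEADERS) {
    const distinct = [...new Set(headers.get(name) || [])];
    if (distinct.length > 1) findings.push({ header: name, values: distinct });
  }
  return findings;
}

// Constructed sample: a sign-out redirect that emits two different Location headers.
const CONFLICTING = [
  'HTTP/1.1 302 Found',
  'Location: https://example.test/signed-out',
  'Location: https://example.test/login',
  'Content-Length: 0',
  '', ''
].join('\r\n');

// Constructed sample: the same redirect with a single Location header.
const CLEAN = ['HTTP/1.1 302 Found', 'Location: https://example.test/login',
  'Content-Length: 0', '', ''].join('\r\n');

console.log(findConflictingHeaders(CONFLICTING), findConflictingHeaders(CLEAN));
```

Feeding it the response head captured at the origin and again behind each proxy or load balancer shows which layer adds the second header.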

I wouldn't worry too much about it. It means that some parts of the webpage are only not encoded on SSL like JavaScript.
I can't pinpoint which part it is but overall, I would say the connection is secure. Btw, what browser are you using on this? Also try other browsers and see if the results are the same.
