Weather.com’s main login and signup forms loads over insecure HTTP and submit the request to a secured HTTPS endpoint. “Log In with Facebook” and “Log In with Google+” each open in a new window that is loaded over HTTPS.
Going to https://www.weather.com redirects to the http version.
At the time of this report, Weather.com ranks #18 on Quantcast’s top 100 sites in the United States.
Test dsx-secure.weather.com on Qualys SSL Labs for yourself: https://www.ssllabs.com/ssltest/analyze.html?d=dsx-secure.weather.com
Type: Log in form over http, request to https
Needs protecting: Password
First identified: 12/13/15