I manually added the 's' to the protocol to test and the server sent the only cert it had (if present, this is normal). It's like entering an IP address and having the server return the default site over HTTP.
Many sites ignore the Google Analytics requirement but I think this one should aim a bit higher, especially with all the legal geniuses involved in writing that privacy page.
Many sites ignore the Google Analytics requirement but I think this one should aim a bit higher, especially with all the legal geniuses involved in writing that privacy page.