The oreilly site to buy is not http :yuck:

Thats one thing I wish were enforced more than anything. SSL or better for financial transactions online. Surprised its HTTP. Maybe they redirect once you are actually paying? I have seen that be the case.

It doesn't look like you can buy anything at their shop, they either redirect to Amazon or to their subscription platform (which does use HTTPS).

Redirecting to https is still problematic though.

Let's say your websites homepage only uses http but the login form is over https. You can MiTM the homepage, and change the login link to haX0r.xyz and then proxy the login.

Is that the case here?

They have to, or will quickly find themselves racking up some PCI fines.

Good for them. I've loved using Gusto so far! Nothing but good experiences compared to my last payroll company

To OP. I would republish this book with better font faces. They really dont make this information very easy to comprehend.