
Is this for users accessing sites like LinkedIn without HTTPS, or do you suppose that the NSA is signing trusted certs?


Linkedin does not make any attempt to force you onto https, so no reason to worry about it. Any site that redirects you to https from http could have that redirect hijacked I guess too. Presumably they just have a list of people and can wait to hack them until next time they visit slashdot or linkedin.


It's even worse than that. LinkedIn actively moves you off HTTPS, and onto plain HTTP.

Here's 2 situations:

* https://linkedin.com redirects to www.linkedin.com
* https://www.linkedin.com works, but all links go to www.linkedin.com

Not only that, but all the static resources are loaded over HTTP (FF and Chrome both warn about this).

This shouldn't come as a surprise, because the LinkedIn team can't be trusted to lock their fucking car doors, let alone secure a website.
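An added example, not from any commenter in this thread: a small Python check for the two problems described above, an https-to-http redirect and subresources or links that drop an https page back to plain http. The URLs and markup are constructed samples, not LinkedIn's real responses.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Which attribute of each tag makes the browser fetch a subresource (mixed content if http).
FETCH_ATTR = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

class _RefCollector(HTMLParser):
    """Gather subresource URLs and <a href> targets from a page."""
    def __init__(self):
        super().__init__()
        self.fetches = []  # (tag, raw url) for resources the browser will load
        self.links = []    # raw <a href> targets the user may click

    def handle_starttag(self, tag, attrs):
        want = FETCH_ATTR.get(tag)
        for name, value in attrs:
            if value and name == want:
                self.fetches.append((tag, value))
            elif value and tag == "a" and name == "href":
                self.links.append(value)

def _refs(html):
    p = _RefCollector()
    p.feed(html)
    return p

def _is_http(base, u):
    return urlsplit(urljoin(base, u)).scheme == "http"  # resolve relative / scheme-relative first

def is_downgrade(request_url, location):
    """True when a request made over https is redirected to a plain-http Location."""
    return urlsplit(request_url).scheme == "https" and _is_http(request_url, location)

def mixed_content(page_url, html):
    """Subresources an https page would load over plain http (browsers warn or block these)."""
    return [(t, urljoin(page_url, u)) for t, u in _refs(html).fetches if _is_http(page_url, u)]

def insecure_links(page_url, html):
    """Navigation links that would move the user from https back to plain http."""
    return [urljoin(page_url, u) for u in _refs(html).links if _is_http(page_url, u)]

# Constructed sample page, not real LinkedIn markup.
SAMPLE_URL = "https://www.example.test/home"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://static.example.test/site.css">
<script src="//static.example.test/app.js"></script>
</head><body><img src="https://static.example.test/logo.png"><img src="/images/banner.png">
<a href="http://www.example.test/about">About</a><a href="https://www.example.test/profile">Profile</a>
</body></html>"""
```

Scheme-relative references like `//static.example.test/app.js` resolve to https on an https page, so only the explicit http stylesheet and the http "About" link are flagged in the sample.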



Your first link goes to an https page for me in Safari on iPad.


The configurations are different for mobile devices. Mobile devices do link to https:// but they still load the static files over HTTP.


Hmm, I just tried going to that link in Chrome and Firefox on a MacBook Pro -- Still takes me to an https. Also, doing an "inspect element" on a couple of images on there show me "https://static.licdn.com/..."

All the other links on that page (about, etc) do go to http://-only pages, but at least the links you provided and their static resources all go over https.


...presumably you have 'nothing to hide', then. Previous poster must be one of those kiddie porn obsessed al-qaeda terrorists, worthy of being Quantumed whereas you are good.


You can set LinkedIn to only serve you SSL pages.

https://help.linkedin.com/app/answers/detail/a_id/6021/



