Apple website shows Insecure (mixed contents) in Check Coverage subdomain.

While checking my coverage for my Mac serial number, I found mixed contents! in CheckCoverage page.

The main page:

Chrome shows "Insecure content Blocked" and with an option to "Load Unsafe scripts" icon in the address bar.

Entering any valid/invalid serial number will show the insecure warning in Chrome with the option to load Unsafe scripts.

In terms of security it is trivial and a favicon loading from non-HTTPS won't cause any security issues, but:
First: It is not professional.
Second: Which is the important, end-user will think Apple website is not secure or some will think their computers/devices hacked (How could Apple website is insecure? 🤔), yes I have heard and asked for this about mixed contents darn thing many times before from clients while working in sysadmin and tech support.
And what If an end-user is curious enough to load it, and did, it will show the website is Not Secure!.

They will see:

                                      Welcome to the "Not Secure" Apple Website"

By the way, the serial shown here found by Googling! https://www.google.com/search?q=mac+serial+example

comments powered by Disqus