HTTPS Everywhere - not always an optimum configuration....

See: https://www.eff.org/https-everywhere/atlas/domains/onsugar.com.html
Re: -https://secure.onsugar.com/user/login?destination=https%3A%2F%2Fsecure.onsugar.com%2F&access-denied=1
Re: http://toolbar.netcraft.com/site_report?url=https://secure.onsugar.com
Only script there: https://secure.onsugar.com/remotelogin
Symantec Crypto Report has:
Warnings
BEAST
The BEAST attack is not mitigated on this server.
Root installed on the server.
For best practices, remove the self-signed root from the server.
Certificate information

See: https://seomon.com/domain/secure.onsugar.com/
Going here: http://toolbar.netcraft.com/site_report?url=http://www.dualstack.sugar-prod-onsugar-468105671.us-east-1.elb.amazonaws.com
External links: https://seomon.com/domain/secure.onsugar.com/links/

This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended.
Common name:
secure.onsugar.com
SAN:
secure.onsugar.com, www.secure.onsugar.com, ads.shopstyle.com, secure.local.onsugar.com, secure.dev7.onsugar.com, secure.dev4.onsugar.com, secure.dev2.onsugar.com, secure.dev6.onsugar.com, secure.dev3.onsugar.com, secure.dev5.onsugar.com, secure.dev1.onsugar.com
Valid from:
2015-May-05 19:54:40 GMT
Valid to:
2016-May-30 21:22:42 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:

Organizational unit:
Domain Control Validated
City/locality:

State/province:

Country:

Certificate Transparency:
Not Enabled
Serial number:
624e53c50ca9ef0b
Algorithm type:
SHA256withRSA
Key size:
2048

And why this: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fsecure.onsugar.com%2Fremotelogin
lands at: - http://static.soup.io/javascripts/advertisement.js

Insecurity here: https://securityheaders.io/?q=https%3A%2F%2Fsecure.onsugar.com%2Fremotelogin F-Status flagged.

pol