See what HTTPS Everywhere rules does: https://www.eff.org/https-everywhere/atlas/domains/eastdane.com.html
See the 115 security warnings and error here: https://sonarwhal.com/scanner/ec1c5bbd-39ef-4069-811e-8d37b9580277
For that warning consider F-grade status and recommendations here: https://observatory.mozilla.org/analyze/www.eastdane.com

polonus (volunteer website security analyst and website error-hunter)

P.S. To-day all http-sites will be flagged in Google Chrome 68.03440.75 as insecure,
now let us wait for HSTS-only sites!

Damian

About this whole https everywhere campaign in a nutshell:

I already looked for the most popular sites for my country, the Netherlands,
that still did not have a secure connection to serve up their content.
Checked here: https://whynohttps.com/country/nl

Home for this site is https://whynohttps.com/

HTTPS everywhere is what one is after, and then I hope “HSTS Everywhere” comes next.
HSTS both for main domains and on sub-domains.

Read: https://github.com/mozilla/http-observatory-website/issues/64

See this as a recommendation for this (random https site example):
https://observatory.mozilla.org/analyze/www.eastdane.com

On web-security measures in general, read: https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

P.S. There is also a mayor Google core-business interest in this strife for being https-only connected everywhere.
Then Google’s competitors won’t have an easy time hijacking their main line of ad/data-selling income,
and there Google holds one of the biggest monopolies on the globe. :-X

D.