I already wrote about this subject on the “General topics” subforum but thought this would probably fit better here, also providing more collected info about it.
So starting from two days ago when I went to browse Amazon.de, for the first time (that I recall) I noticed that on the front page Firefox had “insecure content” (sorry, I use the Finnish version of the browser so I’m not sure what the exact term in English is, but the point being it gave the icon with an orange warning triangle next to a grey lock). Firefox didn’t seem to find any non-HTTPS images on the site in its page information tool menu. However, when I opened the browser console, it said this unsecured domain loaded on the page:
hxtp://z-ecx.images-amazon.com/images/G/01/AUIClients/AmazonUISpinner-spinnergray_2x-d4dc5be75361ec92bee9941f2c6e86cab26fe388._V2.gif
Later, when I did some product searches, I noticed the “insecure content” icon didn’t appear on pages of singular products or most product search pages. However, when I went to browse the “CDs and Vinyl” category, the icon popped out again and I once again opened the server browser to see what caused it, and it gave me this error:
"Error logged with the Track&Report JS errors API(hxtp://tiny/1covqr6l8/wamazindeClieUserJava): {"m":"[CSM] Insecure content detected img : hxtp://g-ecx.images-amazon.com/images/G/03/music/marc/SMSAmazon2.jpg","csm":"v5 ueLogError stack","logLevel":"WARN","attribution":"//*[@id='nav-flyout-aj:hxtps://images-eu.ssl-images-amazon.com/images/G/03/digital/music/dmusic-flyout-subnav.json:subnav-dmusic-flyout-physical:0']/DIV[2]/DIV/DIV[5]/A/IMG","pageURL":"hxtps://www.amazon.de/s/ref=nb_sb_noss?__mk_de_DE=%C3%85M%C3%85%C5%BD%C3%95%C3%91&url=search-alias%3Dpopular&field-keywords=big+hero+6&rh=n%3A255882%2Ck%3Abig+hero+6","s":["N/A"],"t":8630}" Object { m: "[CSM] Insecure content detected img…", name: undefined, type: undefined, csm: "v5 ueLogError stack", logLevel: "WARN", attribution: "//*[@id='nav-flyout-aj:https://imag…", pageURL: "hxtps://www.amazon.de/s/ref=nb_sb_n…", f: undefined, l: undefined, c: undefined, 2 more… }
Sorry if that bunch of code is somewhat incomplete, but that’s the direct copypaste I was able to paint from the console. I decided to share this just in case. I’m not sure if these Amazon domains have always had http content popping up in some parts of the sites, but I’ve never seen them on the site’s front page before. I tried another European Amazon domain, amazon.co.uk, and it showed the “insecure content” icon too.
(Also, on a side note, when I scanned both amazon.de and amazon.co.uk on Sucuri, it showed apparently .co.uk had a website firewall while .de apparently didn’t.)
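The console entry quoted in the post can be triaged mechanically. The following is an added example, not part of the original post and not Amazon's code: it pulls the JSON payload out of a "[CSM] Insecure content detected" console line and reports which element loaded over plain HTTP on an HTTPS page. The function names, the `example.com` hosts and the sample line are assumptions constructed for illustration.

```javascript
// Added example. SAMPLE is constructed, modelled on the console entry in the post.
const SAMPLE = 'Error logged with the Track&Report JS errors API: ' +
  '{"m":"[CSM] Insecure content detected img : hxtp://images.example.com/a.jpg",' +
  '"logLevel":"WARN","pageURL":"hxtps://shop.example.com/s?k=x","t":8630}';

// The post writes schemes defanged (hxtp/hxtps); accept that and the real form.
const refang = (u) => String(u).replace(/^hxtp(s?):\/\//i, "http$1://");

// Return the JSON object embedded in a console line, or null if it is cut off.
function extractPayload(line) {
  const start = line.indexOf('{"');
  if (start === -1) return null;
  let depth = 0, inStr = false, esc = false;
  for (let i = start; i < line.length; i++) {
    const c = line[i];
    if (inStr) {
      if (esc) esc = false;
      else if (c === "\\") esc = true;
      else if (c === '"') inStr = false;
    } else if (c === '"') inStr = true;
    else if (c === "{") depth++;
    else if (c === "}" && --depth === 0) {
      try { return JSON.parse(line.slice(start, i + 1)); } catch (e) { return null; }
    }
  }
  return null; // no matching closing brace: truncated copy-paste
}

// Element types browsers treat as passive (display) mixed content: loaded, but
// with a warning icon. Other types (script, iframe, ...) are active mixed
// content, which browsers block by default.
const PASSIVE = new Set(["img", "audio", "video"]);

function findMixedContent(line) {
  const p = extractPayload(line);
  const m = p && /Insecure content detected\s+(\w+)\s*:\s*(\S+)/.exec(String(p.m));
  if (!m) return null;
  let resource, page;
  try {
    resource = new URL(refang(m[2]));
    page = new URL(refang(p.pageURL));
  } catch (e) { return null; }
  const tag = m[1].toLowerCase();
  return { tag, kind: PASSIVE.has(tag) ? "passive" : "active",
    resource: resource.href, page: page.origin,
    mixed: page.protocol === "https:" && resource.protocol === "http:" };
}

console.log(findMixedContent(SAMPLE));
```

A truncated entry, like the partial copy-paste mentioned in the post, returns `null` instead of throwing.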