Privacy errors on full https everywhere site version

See: https://www.eff.org/https-everywhere/atlas/domains/s2media.be.html
Going to website: S2Media padlock icon
s2media.be
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted
Netcraft risk: 1 red out of 10: http://toolbar.netcraft.com/site_report?url=http://s2media.be
Possible Frontend SPOF from:

html5shiv.googlecode.com - Whitelist
(89%) -
Web analytics and Social Network plug-in 1 and 1 blocked (Google Analytics)
CDN Googlecode and Googlewidget (blocked by PrivacyBadger)

Security Header Settings - 1 with best policy settings.

cache-control

max-age=2592000

Warning

x-content-type-options

Header not returned

Insecure

x-xss-protection

Header not returned

Insecure

x-frame-options

Header not returned

Insecure

content-security-policy

Header not returned

Insecure

access-control-allow-origin

Header not returned

Secure

CA basic certificate not trusted.

See attached certificate overview

Externally linked hosts:Externally Linked Host Hosting Provider Country

-www.facebook.com Facebook Ireland

-www.linkedin.com LinkedIn Corporation United States

-plus.google.com Google United States

-twitter.com Twitter United States

-facebook.com Facebook United States

-s2mediadigital.com OVH SAS France

-fr.pinterest.com Amazon.com United States

polonus