Topic: Google Internet Authority G2 has cross root certificate issue!

Offline polonus

-gmail.com
Warnings
RSA remove cross certificates
The certificate chain contains a cross root (primary intermediate) certificate that should be removed.
SHA-1 cross root (primary intermediate) certificates are deprecated and no longer required.

B+ status here: https://observatory.mozilla.org/analyze.html?host=gmail.com

I lean towards this verdict, despite the Symantec/Google certification controversy.
Consider: http://www.pcworld.com/article/3014712/security/google-to-revoke-trust-in-a-symantec-root-certificate.html
and https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs%5B1-25%5D

Some misconfiguration and weakness found: https://www.htbridge.com/ssl/?id=040caf0bfc7e4911cbd01a53811a142dec4de71f287aaf34025d233d62889f09

As this is not a big concern for most, we also have to consider the security implications:
Quote
THIRD PARTY CONTENT ON HOMEPAGE
Third party content (such as images, JavaScript, or CSS) is loaded from external resources. Despite that for some web applications it can significantly improve loading time, it may also put website visitor's privacy at risk, as information about website visitors becomes accessible to these third-party content providers. Moreover, a third-party content delivered via HTTP and not HTTPS channel may also expose your privacy.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
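
The cross root warning quoted in the post above, sketched as a check (an added example, not part of the original post and not any scanner's own code). The `Cert` class, `audit_chain`, the "Example" CA names and the sample chain are constructed for illustration, and certificates are matched by subject name only.

```python
# Added example: flags a removable cross root in a served TLS chain.
# The chain below is constructed metadata, not parsed from gmail.com.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_alg: str  # e.g. "sha256WithRSAEncryption"

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer

def audit_chain(served, trusted_root_subjects):
    """Return (subject, finding) tuples for a served chain, leaf first.

    Simplification (assumption): a real check would compare subject plus
    public key, not the subject name alone.
    """
    findings = []
    for pos, cert in enumerate(served):
        if pos == 0:
            continue  # the leaf is never a root or a cross root
        if cert.self_signed:
            # Clients already hold their trust anchors; sending one adds nothing.
            findings.append((cert.subject, "root sent in chain"))
        elif cert.subject in trusted_root_subjects:
            # Same name as a trusted root but issued by another CA: a cross
            # root. Clients can anchor at the root itself, so it is removable.
            findings.append((cert.subject, "cross root, remove"))
            if cert.sig_alg.lower().startswith("sha1"):
                findings.append((cert.subject, "SHA-1 cross root, deprecated"))
    return findings

# Constructed sample: leaf, intermediate, then a SHA-1 cross root.
SAMPLE_CHAIN = [
    Cert("CN=gmail.com", "CN=Google Internet Authority G2",
         "sha256WithRSAEncryption"),
    Cert("CN=Google Internet Authority G2", "CN=Example Root CA",
         "sha256WithRSAEncryption"),
    Cert("CN=Example Root CA", "CN=Example Legacy Root CA",
         "sha1WithRSAEncryption"),
]
# Constructed stand-in for the client's trust store (root subject names).
TRUST_STORE = {"CN=Example Root CA", "CN=Example Legacy Root CA"}

if __name__ == "__main__":
    for subject, finding in audit_chain(SAMPLE_CHAIN, TRUST_STORE):
        print(f"{subject}: {finding}")
```

Dropping the last entry from the served chain clears both findings, because the client can still build a path to the root it already trusts.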