The issue is of http requests not upgrading to https at before mentioned domain.
Thus can allow an attack to steal important info like credentials and all other type of info.
Your domain is hsts preloaded so automatically upgraded to https , but the browsers who don’t have this mentioned support like safari can allow attack.
Steps: