The landing page for the Edinburgh Council is servered over plain HTTP. This is vulnerable to Man in The Middle (MiTM) attacks. Since the login page to one's council account is served from this page, an attacker who has managed to get MiTM could change the link to point to a spoofed login page. Additionally an attacker could alter information delivered by the pages. Lastly the attacker could alter the page to inject malicious content such as crypto mining scripts.
Issue still remains as of 19 December 2017.
The council was notified via their Twitter account, no response received:
@Edinburgh_CC any reason why you don't have HTTPS enabled on your primary site? pic.twitter.com/Ag52ziBlv2— Sean Wright (@SeanWrightSec) December 13, 2017