Expedia.com has two certificates, one for North America and the other for Europe.
For some reason, the site gives out either certificate.
When the user browses to the site, the Security Gateway stores the certificate in the cache, without checking its Subject Alternative Names (SAN), and checks only the Distinguished Name (DN).
When the certificate from the Security Gateway is presented to the client, the Subject Alternative Name will sometimes not match, thus causing the page to not fully load.