When you click the Catalog link, it is going to [url removed, login to view]
It should not append the session id number ?osCsid=d9tfog8ak37cqasd3gi7ah9b52 to the url. Search engines will pick that up and will index urls where people are logged in to their accounts which is a security risk. Then when random people click that url they will be logged in as someone else. This used to be fixed, but I don't remember how. It looks like sometimes it is adding the sid and sometimes it isn't.