On this page, for example, there are some mixed content. Most of it is from signatures, such as Triangledrusi's signature image, which is to be expected.
Loading mixed (insecure) display content “http://andrusi.tryhappy.net/sig/andrusig.gif” on a secure page
Loading mixed (insecure) display content “http://s26.postimg.org/hllcs03x1/2rflojndfjkdsfgtscoot_left.gif” on a secure page
I am also seeing duplicated mixed content messages relating to site images. Specifically this example of the Allspark Supporter badge, which is using the HTTP link as far as the browser is concerned, but also shows a secure pathed link that doesn't appear to be used.
Loading mixed (insecure) display content “https://www.allspark.com/content/wp-content/uploads/2016/07/SupporterBadge.png” on a secure page
Loading mixed (insecure) display content “http://www.allspark.com/content/wp-content/uploads/2016/07/SupporterBadge.png” on a secure page
EDIT: the duplicated error shown relating to allspark.com files are due to the forum using a redirect on non-secure objects to secure. For example, this workflow:
So what happens here is the page requests the HTTP resource, but the server is configured to respond to the browser that the resource has been moved (301 response) and informs the browser to instead get the https resource. It does this and the image is displayed. For this specific page, it does this with both the Allspark Supporter badge as well as 4_allsparklogo_purple_sm.png. But because the image is being feteched initially using HTTP and then also with the 301, the browser is marking both paths as being insecure and/or mixed content.
The browser will always show the lock error in the address bar (and some browsers will sometimes show a visible message) as long as mixed content exists.
Edited by Tripredacus, 12 September 2018 - 02:59 PM.