I noticed that Firefox gave me a mixed content warning.
The reason was an avatar image loaded over http. Given that the board only runs on HTTPS now such avatars should probably not be allowed.
A workaround might be to set an "upgrade-insecure-requests" header. In such a case the browser would automatically try to fetch HTTP resources over HTTPS:
https://developer.mozilla.org/en-US/doc ... e-Requests