If you develop a HTML page and source (SRC=) some images or scripts using a "http://" prefixed URL and then try and convert the site to run securely using https a lot of browsers will rightly complain that you are trying to serve encrypted and un-encrypted content.

One of the culprits of this unwanted warning behaviour is Joomla / WordPress plugins that source Javascript libraries from other sites.

The fix is to make sure that any HTML code that is generated has consistent use of https: when the page is accessed via https:

Note the following fragment of javascript that automatically creates the correct URL prefix depending on whether the page is accessed via https: or http:. You need to edit this to suit your own purposes.

To work with Javascript you need a good understanding of it I found this book helped enormously