browser insecure content warning, no http:// in db or WP theme
The browser says a client-managed site is insecure. If I check in Firefox > Media, I can see no files delivered over http://.
If I check https://www.whynopadlock.com/results/11d3f0c2-a944-43c0-922a-92a0cbe7b5c2 it says there are 3 image files delivered over http://
- http://www.vivescoal.com.au/wp-content/uploads/2017/06/logo.png
- http://www.vivescoal.com.au/wp-content/themes/balance/images/button_icon.png
- http://www.vivescoal.com.au/wp-content/themes/balance/images/dark_backgrounds/background9.jpg
I can't find these URLs in the database, nor in the parent theme or child theme.
Help appreciated to see where in the site these files are being called.
Since I cannot add images to comment, I'm adding it here. This is what I see is happening:
The image is called from a different domain, then redirected with a 301 to the non-https version. There is either something wrong in the litespeed configuration or the webserver configuration of that domain. It should not be redirecting https to http.