Find and block unsafe content on your wordpress installation
For some reason, my WP installation decided to load some files via http instead of https
To find out which file it is, I used the Javascript console
It’s wp-emoji in this case, and I don’t use emojis on my site, so I decided to block it by adding this to my theme’s functions.php
remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
remove_action( 'wp_print_styles', 'print_emoji_styles' );