EDIT it looks like a topic related to Plugin "TopicListPreview"
Discussion: https://meta.discourse.org/t/topic-list-previews/41630/764
these favicons “from http-only websites” are getting disturbing now with current chrome/firefox.
in other words: $USERS are complaining about “why is forum inscecure”
Off course i do explain, what “mixed content” means. But out of 2 which complain (where i do explain) there are probly 10 who do NOT complain, but just assume (silently) "discourse-forum=insecure"
and this even happens on the front page of the forum, where there is no onebox visible. (i do not know the background, but the requested URLs are favicons from oneboxes deep down in some threads.)