We run our forum on HTTPS, as everyone should. Sometimes people drop a video link, like
which renders as an embedded video. Since the link is HTTP it will however also trigger an ugly “This site is insecure” note in the browser due to mixed content.
It would be nice to have a switch for never embedding content from HTTP URLs. (Just showing the link instead or something like that would be fine I think.)
(Something like this appears to be in place already for still images? I don’t have too many examples to try but I didn’t manage to create an HTTP link to an image that actually embedded properly. Though it shows as a broken-image icon.)