I did a little digging. It maybe related to mixed content.
https://www.reddit.com/r/firefox/comments/awjvyd Related documentation:
An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers.
Could this be fixed?