When you are opening a site via https protocol and there are items loaded with absolute addresses started with http some browsers, like IE, throw a message This page contains both secure and non-secure items. It is really annoying and if the user decides to can prevent these items of showing and he can brake the whole layout or some functionality.
I had a similar problem and the first thing that I did was to check the whole page for external resources like images,
css, js, and swf files. In my case everything was ok and I found that the problem is in the Facebook's stuff that was
included in the page. The problem comes from a FeatureLoader.js.php
file, which loads another library with http
instead of https protocol. I solved the problem by creating a simple php file that wrappes the facebook's code.
$url = "http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php";
[ ^ ] $content = file_get_contents($url);
$content = str_replace("http:", "https:", $content);