I have a domain parked at Cloudflare and am forwarding it to a Google Site via a ghs.googlehosted.comcname.
When I load the Google Site directly, SSL is OK. However when loading through the Cloudflare domain, there is a mixed content error. It is from http://cgi.gstatic.com where Google Sites store graphics. Don’t know why the error is only when the Google site is accessed through the Cloudflare forwarded domain.
jot_min_view__en.js:131 Mixed Content: The page at 'https://www.avpusaconference.org/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.avpusaconference.org/_/tz?jot.xtok=undefined&afjstz=lg1E0r1g1A4r2g1E0r2g1A4r8'. This request has been blocked; the content must be served over HTTPS.
Appears to be related to a script which won’t be altered by https rewrites, you need to edit the javascript. The resource is available via https:
for some reason, the link(s) on the page are set to http:// and are served via a javascript file, something CF can’t rewrite the URLs for. This link needs to somehow be changed to https://, or the header upgrade-insecure-requests needs to be set to 1.
Might be related to the “SSL Mode” you have set (likely flexible) - you could try temporarily changing it to Full or Full Strict to see if that gets google to serve https links instead of http.