Mysterious mixed content warning - it appears to all be https with no http?

I have an https page which launches a shadowbox which itself has a page inside it. The shadowbox content is got with whatever protocol the parent page is, so loads with https as well.

When the shadowbox page loads I get a mixed content warning, saying that some parts are not encrypted. Usually this开发者_如何学运维 happens when some of the page contents are got with https requests and some with http. However, according to the "Live HTTP Headers" plugin for firefox, every header for the parent page and the page loaded into the shadowbox are all https: there's no sign of an http request anywhere.

I'm a bit stumped by this and want to get rid of the mixed content warning, because they're really intrusive in some browsers and generally make people panic a bit.

Can anyone else suggest why this might be happening, or a way to diagnose it further?

Grateful for any advice - max