Ok.
You have mixed content on the webpage. Browser do not like this. (So HTTPS and HTTP content on the same site).
I see you are using IBM WebSphere. Did you configure it that it is using a SSL offloading proxy?
httpsIndicatorHeader
The custom property httpsIndicatorHeader manages HTTPS requests that are forwarded to an application server from an SSL offloader that is used in front of WebSphere Application Server. When an HTTPS request is received by an SSL offloader, it is redirected over HTTP to an application server by using WebSphere Application Server. The SSL offloader must be configured to add a special header that indicates that the original request was over HTTPS. The httpsIndicatorHeader property specifies the request header key name added by the SSL box. The application server checks this indicator to determine whether SSL is required. If it determines the request is SSL over HTTP, an HTTPS scheme is chosen.