If you're loading a font from http, but you load your document over HTTPS (the HTML file), then your browser will warn that an unsecured connection is attempted. Your best bet is to use https:// whenever possible. You may need to whitelist the domain you are testing on to ensure that the font can load when viewing that domain. This help article has more info if you're having issues during testing: