Here's some background on this feature in Chrome (which is similar in other browsers, though Chrome is more aggressive about blocking):
Cloudflare might be useful to manage the display of http content on https-enabled pages with 'Automatic HTTPS rewrites', but a full https (or protocol agnostic embed using
//example.com or relative path) is better. That way if your page supports both http and https, the Hype embed would be loaded based on that page's security
And here's some text so others can find this issue:
"This page is trying to load scripts from unauthenticated sources"