I am helping a friend with his ecommerce site. He has valid SSL certificates and hence shoppers can browse securely on HTTPS, with a nice green padlock in the browser bar. Which is a good reassurance for alert online shoppers.
He recently introduced a third party tracking pixel on the site, which is called remotely and communicates over HTTP. Because of this, ie. because the user's entire session isn't going over HTTPS, the green padlock does not appear and it causes the browser to alert the customer that the website is unsecured or unsafe. Although all sensitive user data is actually only ever sent down the HTTPS connection!
How could this be improved to restore the green padlock and user confidence? How have other retailers dealt with this?