When loading a tile service from an organization without ‘HTTPS only’ enabled into a web app hosted in a different organization where either ‘HTTPS only’ is enabled OR ‘HTTPS only’ is not enabled but the URL of the web app is manually changed to HTTPS, the requests to the tile service are still sent via HTTP, thus causing mixed content errors in the browser.