Update, went back in and first allowed http : //s and no alert when the page reloaded. Note in the image attached it has switched the http to https in the address window.

Then allowed facebook.net and no alert when the page reloaded. However now there was an entry for facebook.com, which I also allowed and no alert when the page reloaded.

So for me I can’t replicate the insecure content message.