If the cover art for Listen cards is loaded from the CAA, the link that is inserted into the HTML goes through a cleartext HTTP redirect. This triggers a mixed content warning in browsers, including a warning symbol on the padlock in Firefox (in Chrome the request is automatically upgraded to HTTPS, but there is still a warning logged to the console).

<img src="http://coverartarchive.org/release/189afa95-cb9d-43fc-987c-d238776f22db/7301851311-250.jpg" alt="Yikes!">

This presumably happens because the index structures returned by the CAA contain HTTP URLs, but the site does support HTTPS so the URLs could just be upgraded