Can you block that one specific advertiser at your account?

Did you edit your Adsense code when you switched to HTTPS? If not you need to. Just either remove the protocol from the path or change the HTTP to HTTPS.

I'd report it to Google. Third-party advertising networks should not be loading insecure resources on a HTTPS site.

I actually reported this a month or so ago, google confirmed it was vindicosuite and that "the creatives which are being requested from a non-secure domain is making the browser throw the mixed content error."

The only advice I got was this "I suggest that you work with your Advertiser/Creative provider to respond with secure content."

Which left me back at square one?

What can be done here?

As I suggested.

I just added vindicosuite.com to my block list in case it happens at my properties as well. I'm not going to lose customers because of advertiser negligence

Is that in adsense allow & block ads? Would I just add vindicosuite.com or mpp.vindicosuite.com? I have tried both but still coming through, don't know if there's a delay for effect.

The only advice I got was this "I suggest that you work with your Advertiser/Creative provider to respond with secure content."

Is it possible the ad was a backup ad? If not, then obviously you have nothing to work with (except blocking the ad). I'd tell them that. If it could be a backup ad, AdSense isn't really involved.

I don't have a backup after adsense. I added mpp.vindicosuite.com into the block list earlier but they still appear

Is that in adsense allow & block ads? Would I just add vindicosuite.com or mpp.vindicosuite.com?

Yes.

Normally I would suggest just adding vindicosuite.com and that will include the sub-directories - however since there seems to be no DNS for vindicosuite.com, in this case it is probably best to use mpp.vindicosuite.com.

I don't have a backup after adsense.

Then I would contact Google again and tell them the problem is on their end. But make sure it is first, i.e. make sure the "vindicosuite" ads are loaded through the AdSense network.

They are still coming through, seem impossible to stop. Code definitely suggests its through adsense as its after the tag loads

@ keyplyer

Did you edit your Adsense code when you switched to HTTPS? If not you need to

I simply replaced all the old ads with brand new refurbished ones for https.

God I love SSI - so easy peasy.

@faceman - Just to be clear...

Are you using a 301 or are you allowing access through both HTTPS & HTTP?

Did you change ALL your Adsence code to HTTPS?

Also, you might try using desktop Chrome56 and install the Adsence Publisher extension. You can then verify for certain where each ad is coming from and report it.

Another option - Using this instead of your current 301 may do the trick. This should make all remote incoming files HTTPS:

RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Give it a try. Don't forget to back-up your current htaccess file :)