Via the customizer, recent versions of WordPress allow you to add a favicon to your site automatically. The feature generates a favicon in the right sizes and inserts them in the
<head> of your HTML code. It’s an ideal way to have a valid image for your favicon and mobile devices.
However, when I was logged into WordPress, I saw that this image was not loaded over HTTPS. This resulted in a browser warning.
I did not find a way to fully remove this new feature. However, you can simply remove the image you uploaded at
http://example.com/wp-admin/customize.php and manually add your preferred meta tags. Including https URI’s ;-)