I recently ran across this strange bug while building a guided landing page for a partner. The Chrome inspector console was throwing a mixed content message for a favicon that was coming from an HTTP non-secure URL. I thought, well, that is strange, because I added all the favicon links right in the Marketo page and they are all coming from HTTPS secure URLs.
Sure enough, looking at the page source, Marketo was adding additional /favicon.ico URLs to the content. The trouble is, when you have your own subdomain as your Marketo domain, there is no way to add a favicon in the root of the domain (https://subdomain.YOURDOMAIN.com/favicon.ico). Uploading images will get you a URL like this for your image: https://subdomain.YOURDOMAIN.com/rs/000-AAA-123/images/image-name.png.
The mixed content message I was getting was actually a stroke of luck in finding this problem. If you have a subdomain as your Marketo domain, then you probably have your main www.YOURDOMAIN.com as your global redirect. So someone coming to a URL that doesn’t exist on your Marketo subdomain will get redirected to your main website, www.YOURDOMAIN.com. But if your global website redirect is set to HTTPS, you wouldn’t see this favicon problem. The problem is actually much worse.
Here is where it gets interesting
When the browser goes to find your favicon, which doesn’t and can’t exist in your Marketo subdomain, the request gets redirected. Instead of a favicon, the browser downloads your entire web homepage at www.YOURDOMAIN.com, thinking it is getting a favicon.
Update this in your Marketo Admin settings.
Admin Settings -> Landing Page -> Edit Settings -> Remove Default favicon links
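To check a landing page for this before and after changing the setting, here is an added example (not from the original post or from Marketo) that audits a page's favicon links and follows their redirects. The page HTML, the response table, and the function names are assumptions made for illustration; swap the `lookup` callback for real HTTP requests to audit a live page.

```javascript
// Added example. PAGE_HTML and RESPONSES are constructed sample data:
// the missing root favicon hits the global redirect to the main site over HTTP.
const PAGE_URL = "https://subdomain.yourdomain.com/lp.html";
const PAGE_HTML = `
<link rel="icon" href="https://subdomain.yourdomain.com/rs/000-AAA-123/images/image-name.png">
<link rel="shortcut icon" href="/favicon.ico">
<link rel="icon" href="/favicon.ico">`;
const RESPONSES = {
  "https://subdomain.yourdomain.com/rs/000-AAA-123/images/image-name.png":
    { status: 200, type: "image/png", bytes: 4096 },
  "https://subdomain.yourdomain.com/favicon.ico":
    { status: 302, location: "http://www.yourdomain.com/" },
  "http://www.yourdomain.com/": { status: 200, type: "text/html", bytes: 350000 },
};

// Collect the href of every <link> whose rel contains "icon".
function faviconHrefs(html) {
  const hrefs = new Set();
  for (const tag of html.match(/<link\b[^>]*>/gi) || []) {
    const rel = /\brel\s*=\s*["']([^"']*)["']/i.exec(tag);
    const href = /\bhref\s*=\s*["']([^"']*)["']/i.exec(tag);
    if (rel && href && /\bicon\b/i.test(rel[1])) hrefs.add(href[1]);
  }
  return [...hrefs];
}

// Follow redirects via lookup(url) and list what is wrong with one favicon link.
function checkFavicon(pageUrl, href, lookup, maxHops = 5) {
  const issues = new Set();
  let url = new URL(href, pageUrl).href;
  for (let hop = 0; hop <= maxHops; hop++) {
    if (pageUrl.startsWith("https:") && url.startsWith("http:")) issues.add("mixed-content");
    const res = lookup(url);
    if (!res) { issues.add("unreachable"); break; }
    if (res.status >= 300 && res.status < 400 && res.location) {
      issues.add("redirected");
      url = new URL(res.location, url).href;
      continue;
    }
    if (res.status !== 200) issues.add("status-" + res.status);
    else if (!/^image\//i.test(res.type || "")) issues.add("not-an-image");
    return { href, finalUrl: url, bytes: res.bytes || 0, issues: [...issues] };
  }
  return { href, finalUrl: url, bytes: 0, issues: [...issues] };
}

// Return only the favicon links that have at least one issue.
const auditPage = (pageUrl, html, lookup) => faviconHrefs(html)
  .map((h) => checkFavicon(pageUrl, h, lookup)).filter((r) => r.issues.length > 0);
console.log(JSON.stringify(auditPage(PAGE_URL, PAGE_HTML, (u) => RESPONSES[u]), null, 2));
```

When the global redirect points at an HTTPS URL, the `mixed-content` issue disappears but `redirected` and `not-an-image` remain, which is the silent case described above.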
A more in-depth play-by-play is in this blog post by Sanford Whiteman:
https://blog.teknkl.com/flop-timized-marketo-lps-and-the-case-of-the-350kb-favicon/