Our client’s WordPress site is shown as Not Secure on Chrome. This is when the SSL certificate is valid according to Chrome itself.

When I go to the SSL settings in WordPress, I notice the following configuration:

The warning message says that the HTTP Strict Transport Security is not activated and one should get Premium to activate.

The second warning message says that the secure cookie settings are not activated and we should go Premium for that, too.

How should one normally troubleshoot this?

Update:

It appears that the json file to a Vimeo link on the homepage is causing a Mixed Content error when I inspect the code. Here is the error message:

Mixed Content: The page at ‘https://www.MYWEBSITENAME.se/‘ was loaded over
HTTPS, but requested an insecure XMLHttpRequest endpoint
‘http://vimeo.com/api/v2/video/332613091.json‘. This request has been
blocked; the content must be served over HTTPS. (anonymous) @ VM14:1