Again, this is not something that CF controls. On your same
server, you should get the same warning if you use HTML. CF is not
sending the HTTPS header -- the web server is controlling this.
For sites like EBay and Google, if the "Warn if changing
between secure and not secure mode" option is enabled, then the
browser will display a warning when changing modes if the protocol
changes between HTTPS and HTTP. Their code is not doing it -- it is
a function of the web browser in response to the protocol served by
the web server.