Track down where script is being enqueued from

I have a WordPress site with an SSL certificate. It all works fine, except that this little insecure shield icon shows up because the header has an enqueued non-https script.

The issue is that I don’t know which plugin is enqueuing this script into the header in order to change it into https. Is there any way I could track down where the script is being enqueued from? Any help would be appreciated!

Btw, in case it helps, the unsafe script that is being enqueued is the google maps script (http://maps.google.com/maps/api/js?sensor=false&ver=4.2.10)

There is no filter when a script is registered, so it is hard to track that down. Use a full text search in all your theme and plugin files to find the source.

In addition, you can filter the URL before it is printed:

add_filter( 'script_loader_src', function( $url ) {
    if ( 0 !== strpos( $url, 'http:' ) )
        return $url;

    return substr( $url, 5 );
});

This will create an URL without protocol, so the browser will just use the same protocol (here: HTTPS) as your site.