When viewing a secure site over SSL, most browsers default behavior blocks or prompts with a warning any linked non-SSL content. The "What's New" iframe can be configured via help-paths.properties to load from https://docs.atlassian.com/ instead of http://docs.atlassian.com/ in an attempt to avoid this. However, that doesn't achieve much since the "What's New" destination page then does a redirect to non-SSL page located under http://www.atlassian.com/ which then attempts to redirect to https://www.atlassian.com/

Because the insecure redirect is blocked, the user gets an empty white box for the "What's New" feature or if they are lucky an error message saying the content couldn't be loaded. Some browsers will prompt the user asking if they would like to permit mixed content, others will not.

It seems clear to me that the redirect setup from https://docs.atlassian.com/ should go straight to the secure https://www.atlassian.com/ site since that's where the content is ultimately hosted anyway.

I don't want to host Confluence help locally and I'm not even sure that would include "What's New" notices anyway. The only feasible workaround I could come up with was to disable "What's New" notices, which is rather unfortunate.

To reproduce, visit the first URL and inspect the HTTP requests with Tamper Data or Fiddler:
https://docs.atlassian.com/confluence/docs-52/whatsnew/iframe
http://www.atlassian.com/en/software/confluence/whats-new-iframe/52
https://www.atlassian.com/en/software/confluence/whats-new-iframe/52