For me, the GM, it only happens in Firefox (version 82.0.2) (web console error below) for all games tested. Chrome works just fine. But, last night the problem was there for both my players (one running Firefox and the other Chrome). I've gone through the troubleshooting steps up to the console log thing... I copied part of the console log in Firefox at the point of drawing and dropping a card to the tabletop. Error loading graphic, probably due to CORS. Trying once without CORS for <a href="http://files.d20.io/images/1452/thumb.png?1335737590" rel="nofollow">http://files.d20.io/images/1452/thumb.png?1335737590</a> app.js :552:10813 Loading mixed (insecure) display content “ <a href="http://files.d20.io/images/1452/thumb.png?13357375901604251423656" rel="nofollow">http://files.d20.io/images/1452/thumb.png?13357375901604251423656</a> ” on a secure page app.js :552:11181 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <a href="http://files.d20.io/images/1452/thumb.png?13357375901604251423656" rel="nofollow">http://files.d20.io/images/1452/thumb.png?13357375901604251423656</a> . (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <a href="http://files.d20.io/images/1452/thumb.png?13357375901604251423656" rel="nofollow">http://files.d20.io/images/1452/thumb.png?13357375901604251423656</a> . (Reason: CORS request did not succeed). Second load attempt failed for <a href="http://files.d20.io/images/1452/thumb.png?13357375901604251423656" rel="nofollow">http://files.d20.io/images/1452/thumb.png?13357375901604251423656</a> app.js :552:10795