Any time your browser makes a request via HTTPS, the request and the response are both encrypted (which would entail them also being encoded.)
Your ISP, if they wanted, could tell what sites your friend was visiting by examining the IP traffic, but would not be able to decipher the HTTPS requests.
Now then, the specific answer depends on how the site is built. It’s very possible that the site returns some HTML for a given request via HTTPS, but that HTML contains links to images via plain HTTP. In that case the images would be sent in the clear. However, most browsers will issue a warning if a page mixes secure and insecure data.