Mozilla has declared aggressively that they are considering to drop non secure HTTP.
Security Lead of Firefox Richard Barnes mentioned in a post. “After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web,”
He added further, “There are two broad elements of this plan: setting a date after which all new features will be available only to secure websites, and gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.”
But they are aware that they need to tread carefully, and find a good balance between security and usability, as removing features from the non-secure web could result in many sites “breaking.”
“We’re also already considering softer limitations that can be placed on features when used by non-secure sites. For example, Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure website,” he noted. “There have also been some proposals to limit the scope of non-secure cookies.”
HTTP will not be banned entirely, but will certainly have to permit for a switch to ‘HTTPS’ whenever needed, with HSTS help and the ‘upgrade insecure requests’ CSP attribute.
To be able to pacify programmers who could possibly be worried regarding this changeover, Mozilla has released a FAQ-section which offers a lot more information in relation to what this particular switch will imply for these individuals, particularly when it’s to do with the security certificates.
Now Mozilla is not really the only company pushing for the SSL usage and making the world wide web more secure. Last August the Google had declared that websites utilizing HTTPS will probably be ranked higher throughout SERPs (Google Search results), efficiently providing website owners yet another incentive to move to HTTPS.