Make Case 491 "Bad"

I don’t believe Case 491, "All Traffic is unencrypted (no https)", should be a blocker; compared to others it isn’t that bad. While not ideal, it isn’t a dealbreaker.

Strongly disagree. Plain text is susceptible to all kinds of man-in-the-middle attacks, injections and tracking. Even worse for websites that transmit PII or passwords. TLS certificates are free now; there is absolutely no reason why an application/website that connects to/from the internet should use plain text HTTP.

Additionally the point is very rare, which is exactly what a blocker should be.

See this post/video by Troy Hunt: "Here's Why Your Static Website Needs HTTPS"

2 Likes

I feel like it’s only rare because it’s never brought up, as opposed to it never happening.

2.4% according to Mozilla: "The Evolution of HTTPS Adoption in Firefox" (Attack & Defense)

1 Like