Just in case you need another reason to consider making the HTTPS switch for your websites, Mozilla has announced they have begun making steps to deprecate HTTP in Firefox.  This follows a move by Chrome to show warnings for unsecure websites.

Mozilla has outlined the plan for HTTP deprecation here.  Here is their outlined schedule:

Phase 0: Define “privileged contexts”.  This is the thing to which features will be limited, encompassing at least HTTPS origins.  This is already in progress in the WebAppSec WG.

Phase 1: Declare that after Date X.0, privileged contexts are required for all new features.  We will need to decide (1) the date, and (2) the scope of “new features” — are things like new CSS attributes included, or only new web APIs?

Phase 2.N: Declare that after Date X.N, privileged contexts are required for set S.N of existing features.  The selection of features will need to balance security benefit versus compatibility impact.

Phase 3: Essentially all of the web is HTTPS.

They plan to move in stages so developers are prepared for the switch.

One could imagine a few ways that features could be grouped into 2.N tranches, but it seems like it would be most effective to have a regular schedule of “releases”, say every six months.  That will help ensure maximum visibility of the deprecations to developers, compared to, say setting different deprecation dates for each different API.

The move isn’t really surprising, especially with industry leader Chrome doing this as well.  According to HTTP Archive, only 15% of webpage requests are currently done over HTTPS so perhaps Chrome and Firefox making this change will encourage more sites to make the secure switch.